[nsp-sec] ACK: rustock C&C
Zoe O'Connell
zoe at hotchilli.com
Thu Feb 5 04:51:01 EST 2009
Beasley, Jason wrote:
>> ----------- nsp-security Confidential --------
>>
>> Suresh over at Outblaze has identified what he believes to be an rustock
>> C&C existing at 69.10.44.210. From what I can tell, it appears he is
>> correct. I've compiled a listing of sources communicating to this
>> server. Please check the following list for your ASN:
>> http://drakul.nsc.xo.net/asns.txt
>> And then the full listing here for the hosts:
>> https://asn.cymru.com/nsp-sec/upload/1233681381.whois.txt
>> Timestamps are included.
ACK AS8419, data looks good - the host we have on that list was
definitely infected with something as it was caught spamming earlier
this week.
More information about the nsp-security
mailing list