[nsp-sec] Adobe Reader 0day
Tim Wilde
twilde at cymru.com
Fri Feb 20 10:32:26 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Matthew.Swaar at us-cert.gov wrote:
> ----------- nsp-security Confidential --------
>
> Futile attempt to correct formatting likely follows:
>
> jmyp.8800.org (123.120.99.37) on port 80 and 21
This appears to be a Windows system, or at least, it was around
2009-02-11. It was also CBL listed at one point back in 2008-11.
> shareitok.51.net (219.232.224.95)
This guy is nasty - it has been hosting malware on and off (showing up
at least once every 30 days, but really quite a bit more often) since at
least 2008-04-24. It claims to be running nginx/0.5.33-p2 as its web
server, and appears to be a Linux system with a 2.4 kernel.
> hXXp://cpos.8800.org/logo.php (211.115.80.147)
> msus.6600.org
> js001.3322.org (222.35.136.119)
Nothing immediately popping up on these guys.
Regards,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-312-924-4033 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFJns0KluRbRini9tgRAjFyAJ4mmEbcV6X10fMxJQ59yTh+22E7qACeN5Nz
RQaE5MPMLN248fV8/5OgYyI=
=F8CM
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list