[nsp-sec] Compromised hosts with Torpig
Gert Doering
gert at greenie.muc.de
Fri Feb 20 11:46:46 EST 2009
Hi Florian,
On Fri, Feb 20, 2009 at 05:32:35PM +0100, Florian Weimer wrote:
> The following is a list of hosts which have very likely been infected
> with Torpig, based on POST requests to certain Torpig-specific
> domains. Torpig offers a sophisticated browser injection engine and
> is used for manipulating web-based transaction systems.
[..]
> 5539 | 195.30.249.175 | 2009-02-20T15:41:42Z
ACK 5539. Since this is a proxy used by numerous machines in numerous
locations - could you provide me with detailed time stamps and all
extra information you have?
thanks,
gert
--
Gert Doering
SpaceNet AG, AS 5539, gert at space.net. PGP-KeyID: 0x65514975
Also reachable via gert at greenie.muc.de and gert at net.informatik.tu-muenchen.de