[nsp-sec] ACK: Re: Compromised hosts with Torpig
Steven Matkoski
matkoski at nysernet.org
Mon Feb 23 09:23:35 EST 2009
Ack AS#: 33703
At 11:32 AM 2/20/2009, Florian Weimer wrote:
>----------- nsp-security Confidential --------
>
>The following is a list of hosts which have very likely been infected
>with Torpig, based on POST requests to certain Torpig-specific
>domains. Torpig offers a sophisticated browser injection engine and
>is used for manipulating web-based transaction systems.
>
>A companian list for Mebroot-related domains will be posted shortly.
>
>The data was obtained after a concerted effort from various parties.
>Usually guidelines apply (sanitize before you share). We can provide
>more details for individual requests we saw (Via and Host header
>fields).
>
>First column is the AS number. Time stamps are in UTC and refer to
>the last time the IP address was seeen so far.
More information about the nsp-security
mailing list