[nsp-sec] Romanian IP's being DNS-bad, botnet/spamnet controllers?
Tim Wilde
twilde at cymru.com
Wed Jan 7 10:44:37 EST 2009
Chris Morrow wrote:
> ----------- nsp-security Confidential --------
>
> Howdy, would anyone else that runs largeish dns clusters have
> information about:

Not from a DNS-cluster perspective, but here's what we know. :)

> 78.96.154.147

Bupkis on this one :|

> 193.226.19.74

This guy appears to have been a Stormworm node early last year, and also
appears to have been talking to a couple of different known C&Cs last
year. More recently it appears to have been a Windows box, probably XP,
early this year. No indications on its recent specifically malicious
activity, though.

> 86.120.67.249
> 89.114.153.236

Bupkis on these, too. It seems whatever these guys are doing, they're
doing it quite under-the-radar, excepting their DNS activities.

Regards,
Tim
- --
Tim Wilde, Senior Developer, Team Cymru, Inc.
twilde at cymru.com | +1-312-924-4033 | http://www.team-cymru.org/