[nsp-sec] black energy botnet
Gabriel Iovino
giovino at ren-isac.net
Fri Jul 3 13:59:54 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dirk Stander wrote:
> please find attached a list of drones of a black energy ddos botnet.
> The format is:
> <ASN> | <IP> | <CC> | <epoch last seen> <uniq bot id> | <AS name>
> (the bot id seems to contain the windows computer name.)
Sanitized notifications have been sent to the following:
> 25 | 136.152.178.116 | US | 1246559758 xCINNAMON_207393AB | UCB - University of California at Berkeley
> 302 | 128.249.96.252 | US | 1246565290 xBCLN-VPOINT-08_AC99AEE7 | BCM-INFO-NET-AS - Baylor College of Medicine
> 376 | 132.208.25.111 | CA | 1246583663 x21C01339_C81F1805 | RISQ-AS - Reseau Interordinateurs Scientique Quebecois (RISQ)
> 2152 | 134.154.131.16 | US | 1246587776 xUU305-ASI2_285297A1 | CSUNET-NW - California State University Network
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkpORxoACgkQwqygxIz+pTue1ACg3yHWWK7AvUQBWTnBYUW3HNe5
I7YAoOQbSiHSOgst7T/MvhABTLAEmxVT
=Zlix
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list