[nsp-sec] FW: Eircom issues
Rob Thomas
robt at cymru.com
Tue Jul 14 10:33:46 EDT 2009
Florian Weimer wrote:
> * Rob Thomas:
>
>> We see HTTP C&Cs hosted on 69.64.147.242 as far back as 2009-04-28
>> 06:37:47 UTC and as recently as 2009-05-12 09:30:18 UTC.
>
> This is caused by malware which embeds domain names which have
> subsequently been taken over by typosquatters and parked at that
> ENOM-hosted service, right?
Most probably, yes.
--
Rob Thomas
Team Cymru Research NFP
https://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");