[nsp-sec] ACK: buzus infected drones
Rodolfo Baader
rbaader at arcert.gov.ar
Fri Jul 31 13:24:24 EDT 2009
Hi!
ACK for AR ASNs:
3449
3549
7049
7303
7908
10277
10318
10481
10834
11014
11193
11311
11315
11664
12150
13585
14232
15034
15078
16732
16814
17069
17401
19037
20207
22080
22927
27747
27751
27813
27818
27822
27833
27879
27934
27940
27955
27960
27984
27987
28009
28015
28026
Notifications were sent to the abuse/noc departments.
R.
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a summary of ASNs with drones showing signs of
> a buzus infection. The drones downloaded the following files during
> the last two weeks from travelthegreenway.com
> http://www.virustotal.com/analisis/97b454b4bd0fe4389aab386b826e2caccc89f0034701f69071a4ac739420fb87-1248722899
> http://www.virustotal.com/analisis/ed6bc4e5a1a19f4afe35441a07841001fef70e43582022c24eaa04a03f8a1488-1248709108
>
> The complete list (~80MB size, ~1M IPs) is here:
> https://www.cymru.com/nsp-sec/Owned/buzus-distinct.cymru.txt
>
> Format:
> <ASN> | <IP> | <CC> | <epoch last seen> | <AS name>
>
> Format of the summary:
> <nr of IPs> <ASN> | <IP> | <CC> | <AS name>
>
> kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list