[nsp-sec] ACK AS852 - RE: 41,000+ likely Bifrose infections
Chris Calvert
Chris.Calvert at telus.com
Mon Jun 1 17:52:16 EDT 2009
ACK for AS852.
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Paul Dokas
> Sent: Monday, June 01, 2009 11:32 AM
> To: NSP-SEC
> Subject: [nsp-sec] 41,000+ likely Bifrose infections
>
> ----------- nsp-security Confidential --------
>
> One of our users complained last Friday about an inbound DoS attack against
> one of their web servers (https://128.101.65.204/). Looking over the logs,
> we found that tons of hosts from all over the world were hitting the HTTPS
> front page, but not trying to log in at all. Thanks to RobT and his remarkable
> malware database, he was able to tell me that there are variants of Bifrose
> that are using this site to check for Internet connectivity.