[nsp-sec] 41,000+ likely Bifrose infections

Gabriel Iovino giovino at ren-isac.net
Tue Jun 2 09:17:28 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Paul Dokas wrote:
> I suspect that there is a good chance that all of these hosts have
> some form of malware on them.
> 
>   https://asn.cymru.com/nsp-sec/upload/1243876952.whois.txt

Sanitized notifications have been sent to the following:


Thank you.

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkolJmgACgkQwqygxIz+pTvzdgCg1a39BO4LcDN07y+OXh2LjhoI
aRgAoNl9cf2Y6YwB/lTIbjSfiWqNZA4I
=EgLj
-----END PGP SIGNATURE-----


