[nsp-sec] malware site and C&C's on port 9191

SURFcert - Peter p.g.m.peters at utwente.nl
Tue Jun 2 16:51:14 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am helping somebody clean up a compromised host. At this moment I
have found the host gets its malware from:
hxxp://www .raindrip .com/cms/c.txt

After compiling it runs the program and tries to connect to port 9191 on
a number of hosts:

209-20-65-73.slicehost.net
207.213.245.215
76.9.0.102
h-74-3-40-137-static.lsanca54.covad.net

- --
Peter Peters
SURFcert Officer off Duty
cert at surfnet.nl                            http://cert.surfnet.nl/
office-hours: +31 302 305 305    emergency (24/7): +31 622 923 564
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKJZDCelLo80lrIdIRAm07AJ9amBX4dTkp4CzlPYYsjhbo/TVpFwCfYfHb
k48hB26aWrgMRhHeje65tK0=
=1DdK
-----END PGP SIGNATURE-----
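
A triage sketch for the indicators in this message, added here as an example and not part of the original post: it scans gateway logs for internal hosts that contacted port 9191 or one of the two destinations the post lists as literal IP addresses. The iptables LOG line format, the assumption that the connections are TCP, the function name `triage`, and all sample log lines and internal addresses are constructed for illustration.

```python
import re
from collections import defaultdict

C2_PORT = 9191
# Only the two destinations the post gives as literal IPs. The two hostname
# entries are not resolved here; port-9191 traffic to them lands in "review".
LISTED_IPS = {"207.213.245.215", "76.9.0.102"}

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs of an iptables LOG line

# Constructed sample lines (assumed iptables LOG format, not from the incident).
SAMPLE_LOG = """\
Jun  2 20:41:07 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=207.213.245.215 LEN=60 PROTO=TCP SPT=41822 DPT=9191 SYN
Jun  2 20:41:09 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=41830 DPT=9191 SYN
Jun  2 20:41:12 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.5.40 DST=76.9.0.102 LEN=60 PROTO=TCP SPT=52100 DPT=80 SYN
Jun  2 20:41:15 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.5.40 DST=192.0.2.9 LEN=76 PROTO=UDP SPT=9191 DPT=53
Jun  2 20:41:20 gw kernel: FWD IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=76.9.0.102 LEN=60 PROTO=TCP SPT=41844 DPT=9191 SYN
"""


def triage(log_text):
    """Map each internal source to the suspicious (dst, port) pairs it contacted.

    "high"   : listed IP and port 9191 together.
    "review" : only one of the two matched (port 9191 to an unlisted host,
               or a listed IP on another port).
    """
    hits = defaultdict(lambda: {"high": set(), "review": set()})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or not {"SRC", "DST", "DPT"} <= f.keys():
            continue
        port_match = f["DPT"] == str(C2_PORT)
        ip_match = f["DST"] in LISTED_IPS
        if not (port_match or ip_match):
            continue
        level = "high" if port_match and ip_match else "review"
        hits[f["SRC"]][level].add((f["DST"], int(f["DPT"])))
    return dict(hits)


if __name__ == "__main__":
    for src, found in sorted(triage(SAMPLE_LOG).items()):
        print(src, "high:", sorted(found["high"]), "review:", sorted(found["review"]))
```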


