[nsp-sec] ZeuS botnet (s288421667.onlinehome.us)
Tarmo Randel
tarmo.randel at cert.ee
Wed Jun 10 01:59:11 EDT 2009
Hello Dirk,
ACK for:
3249 | 217.159.146.76 | EE | 1244296971 merle_7abb30b0f_0a732eae | ESTPAK Elion Enterprises Ltd.
3249 | 84.50.167.103 | EE | 1244304508 xp_6ba85791265c_00d044f4 | ESTPAK Elion Enterprises Ltd.
3249 | 84.50.18.30 | EE | 1244297091 kasutaja_2c6f9c_01e78c5c | ESTPAK Elion Enterprises Ltd.
3249 | 90.191.234.181 | EE | 1244460566 kodu_1a_2ada036d | ESTPAK Elion Enterprises Ltd.
> please find attached a list of ~10k drones which used
> s288421667.onlinehome.us as a proxy for a ZeuS controller
> (next backend hop: http://www.sell-ads.cn/a1b8/s.php)
>
> Format is: ... | <epoch last seen> <uniq bot id (zip)> | ...
>
> kind regards, Dirk Stander (1&1) :.
Thank you!
--
Tarmo Randel
CERT-EE
--
mobile://37253005773
msn://tarmo.randel@mail.ee
skype://zyxtarmo