[nsp-sec] ZeuS botnet (s288421667.onlinehome.us)
Gabriel Iovino
giovino at ren-isac.net
Wed Jun 10 09:43:47 EDT 2009
Dirk Stander wrote:
> please find attached a list of ~10k drones which used
> s288421667.onlinehome.us as a proxy for a ZeuS controller
> (next backend hop: http://www.sell-ads.cn/a1b8/s.php)
>
> Format is: ... | <epoch last seen> <uniq bot id (zip)> | ...
Sanitized notifications will be sent to the following:
Thank you.
Gabe
--
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630