[nsp-sec] ZeuS botnet (s288421667.onlinehome.us)
Marius Urkis
marius at litnet.lt
Thu Jun 11 05:15:20 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ACK 2847
thanks
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of ~10k drones which used
> s288421667.onlinehome.us as a proxy for a ZeuS controller
> (next backend hop: http://www.sell-ads.cn/a1b8/s.php)
>
> Format is: ... | <epoch last seen> <uniq bot id (zip)> | ...
>
> kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
- --
Marius
=============================
Marius Urkis
LITNET CERT
http://cert.litnet.lt
Tel: +370 37 300645
GSM: +370 687 79059
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFKMMsoHS98nbdNAJwRAi8gAJ9g4BsQyM17gkFOgKV1gBJz25JF7gCaAhBJ
vHCV2s3/HalPs3b5ZrIiPPE=
=RumW
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list