[nsp-sec] ACK: ZeuS botnet (s288421667.onlinehome.us)
Rodolfo Baader
rbaader at arcert.gov.ar
Thu Jun 11 12:30:56 EDT 2009
Hi!
ACK for AR ASNs:
7303
10318
10481
19037
19889
20207
20321
22927
Notifications were sent to the abuse/noc departments.
*--------------------------------
Details:
#TOTAL ASN Argentina: 8
#TOTAL IPS Argentina: 18 total
6 asn_22927
5 asn_7303
2 asn_10318
1 asn_20321
1 asn_20207
1 asn_19889
1 asn_19037
1 asn_10481
*--------------------------------
R.
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of ~10k drones which used
> s288421667.onlinehome.us as a proxy for a ZeuS controller
> (next backend hop: http://www.sell-ads.cn/a1b8/s.php)
>
> Format is: ... | <epoch last seen> <uniq bot id (zip)> | ...
>
> kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list