[nsp-sec] [ACK+Info] HTTP Bot C&C Hits - 2009-06-15
Scott A. McIntyre
scott at xs4all.net
Wed Jun 17 10:08:34 EDT 2009
On Jun 16, 2009, at 15:31 , Tim Wilde wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greetings everyone!
>
> We have received a list of approximately 120,000 IPs that were seen
> fetching a page of encrypted command and control content via HTTP
> from a
> major hosting provider within an approximately 36 hour period ending
> yesterday afternoon. That provider does not want to be named, but has
> asked us to distribute this data to our contacts so that they can
> identify the bots within their networks.
Ack on this for 286/3265/5417/5615/8737 and friends, but of more
potential interest was that all of our customers which we had (albeit
not a lot) with this malware were schools.
May provide insight for others as to infection vectors or may simply
be random trivia you should now forget.
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list