[nsp-sec] Mebroot/Torpig (AS 13618, 15083, 23498)

Tom Fischer tfischer at bfk.de
Fri Mar 13 11:18:56 EDT 2009


Hi,

I need help to nuke the following Mebroot/Torpig hosts:

Mebroot:
2009-03-10 09:02:27 2009-03-13 15:16:07 igukxcdu.biz A 74.213.179.112
2009-03-10 09:02:27 2009-03-13 15:16:07 igukxcdu.biz NS ns1.dns-diy.net
2009-03-10 09:02:27 2009-03-13 15:16:07 igukxcdu.biz NS ns2.dns-diy.net

AS      | IP               | AS Name
23498   | 74.213.179.112   | CDSI - Cogeco Data Services Inc.
PEER_AS | IP               | AS Name
852     | 74.213.179.112   | ASN852 - Telus Advanced Communications
7992    | 74.213.179.112   | COGECOWAVE - Cogeco Cable
19752   | 74.213.179.112   | HYDROONETELECOM - Hydro One Telecom Inc.

Torpig:
2009-03-09 08:27:26 2009-03-13 15:14:28 mvhgqram.biz NS ns1.dns-diy.net
2009-03-09 08:27:26 2009-03-13 15:14:28 mvhgqram.biz NS ns2.dns-diy.net
2009-03-09 08:27:26 2009-03-13 15:14:29 mvhgqram.biz A 69.59.26.51

AS      | IP               | AS Name
13618   | 69.59.26.51      | CARONET-ASN - Carolina Internet
PEER_AS | IP               | AS Name
3356    | 69.59.26.51      | LEVEL3 Level 3 Communications
4323    | 69.59.26.51      | TWTC - tw telecom holdings, inc.
7018    | 69.59.26.51      | ATT-INTERNET4 - AT&T WorldNet Services

Torpig drop:
200.35.150.100
AS      | IP               | AS Name
15083   | 200.35.150.100   | INFOLINK-MIA-US - Infolink Information Services Inc.
PEER_AS | IP               | AS Name
3549    | 200.35.150.100   | GBLX Global Crossing Ltd.

-- 
Tom Fischer
BFK edv-consulting GmbH                  tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe        fax: +49 721 962 01-99


