[nsp-sec] ACK AS3356 - Re:Mebroot/Torpig (AS 13618, 15083, 23498)
David Rossbach
david at rossbachs.com
Fri Mar 13 11:58:29 EDT 2009
Ack 3356
Dave Rossbach
Level3 Communications
AS3356
----- Original Message -----
From: "Tom Fischer" <tfischer at bfk.de>
To: <nsp-security at puck.nether.net>
Sent: Friday, March 13, 2009 10:18 AM
Subject: [nsp-sec] Mebroot/Torpig (AS 13618, 15083, 23498)
> ----------- nsp-security Confidential --------
>
> Hi,
>
> I need help to nuke the following Mebroot/Torpig hosts:
>
> Mebroot:
> 2009-03-10 09:02:27 2009-03-13 15:16:07 igukxcdu.biz A 74.213.179.112
> 2009-03-10 09:02:27 2009-03-13 15:16:07 igukxcdu.biz NS ns1.dns-diy.net
> 2009-03-10 09:02:27 2009-03-13 15:16:07 igukxcdu.biz NS ns2.dns-diy.net
>
> AS | IP | AS Name
> 23498 | 74.213.179.112 | CDSI - Cogeco Data Services Inc.
> PEER_AS | IP | AS Name
> 852 | 74.213.179.112 | ASN852 - Telus Advanced Communications
> 7992 | 74.213.179.112 | COGECOWAVE - Cogeco Cable
> 19752 | 74.213.179.112 | HYDROONETELECOM - Hydro One Telecom Inc.
>
> Torpig:
> 2009-03-09 08:27:26 2009-03-13 15:14:28 mvhgqram.biz NS ns1.dns-diy.net
> 2009-03-09 08:27:26 2009-03-13 15:14:28 mvhgqram.biz NS ns2.dns-diy.net
> 2009-03-09 08:27:26 2009-03-13 15:14:29 mvhgqram.biz A 69.59.26.51
>
> AS | IP | AS Name
> 13618 | 69.59.26.51 | CARONET-ASN - Carolina Internet
> PEER_AS | IP | AS Name
> 3356 | 69.59.26.51 | LEVEL3 Level 3 Communications
> 4323 | 69.59.26.51 | TWTC - tw telecom holdings, inc.
> 7018 | 69.59.26.51 | ATT-INTERNET4 - AT&T WorldNet Services
>
> Torpig drop:
> 200.35.150.100
> AS | IP | AS Name
> 15083 | 200.35.150.100 | INFOLINK-MIA-US - Infolink Information Services Inc.
> PEER_AS | IP | AS Name
> 3549 | 200.35.150.100 | GBLX Global Crossing Ltd.
>
> --
> Tom Fischer
> BFK edv-consulting GmbH tel: +49 721 962 01-1
> Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99