[nsp-sec] Mebroot/Torpig (AS 13618, 23498, 32475)

Tom Fischer tfischer at bfk.de
Wed Mar 25 06:29:30 EDT 2009 

Hi,

please help to nuke/null route the following Mebroot/Torpig hosts:


Mebroot:
--------
bsgigeic.com
2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com A 65.60.42.10  
2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns1.everydns.net  
2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns2.everydns.net  
2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns3.everydns.net  
2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns4.everydns.net 

AS      | IP               | AS Name
32475   | 65.60.42.10      | SINGLEHOP-INC - SingleHop

PEER_AS | IP               | AS Name
6461    | 65.60.42.10      | MFNX MFN - Metromedia Fiber Network
23352   | 65.60.42.10      | SERVERCENTRAL - Server Central Network


Torpig:
-------
flippibi.com/rikora.com/pinakola.com
2009-03-09 08:27:59 2009-03-25 10:01:00 flippibi.com A 69.59.26.51  
2009-03-09 08:27:38 2009-03-25 10:20:57 rikora.com A 69.59.26.51  
2009-03-09 08:27:48 2009-03-25 10:20:57 pinakola.com A 69.59.26.51  

AS      | IP               | AS Name
13618   | 69.59.26.51      | CARONET-ASN - Carolina Internet

PEER_AS | IP               | AS Name
3356    | 69.59.26.51      | LEVEL3 Level 3 Communications
4323    | 69.59.26.51      | TWTC - tw telecom holdings, inc.
7018    | 69.59.26.51      | ATT-INTERNET4 - AT&T WorldNet Services


nvdhtram.biz
2009-03-24 13:39:21 2009-03-25 10:14:05 nvdhtram.biz A 76.76.22.199  
2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns1.everydns.net  
2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns2.everydns.net  
2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns3.everydns.net  
2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns4.everydns.net  

AS      | IP               | AS Name
13618   | 76.76.22.199     | CARONET-ASN - Carolina Internet

PEER_AS | IP               | AS Name
3356    | 76.76.22.199     | LEVEL3 Level 3 Communications
4323    | 76.76.22.199     | TWTC - tw telecom holdings, inc.
7018    | 76.76.22.199     | ATT-INTERNET4 - AT&T WorldNet Services


74.213.179.173

AS      | IP               | AS Name
23498   | 74.213.179.173   | CDSI - Cogeco Data Services Inc.

PEER_AS | IP               | AS Name
852     | 74.213.179.173   | ASN852 - Telus Advanced Communications
7992    | 74.213.179.173   | COGECOWAVE - Cogeco Cable
19752   | 74.213.179.173   | HYDROONETELECOM - Hydro One Telecom Inc.

-- 
Tom Fischer
BFK edv-consulting GmbH                  tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe        fax: +49 721 962 01-99

More information about the nsp-security mailing list