[nsp-sec] namespace4u.de
John Fraizer
john at op-sec.us
Fri Mar 27 09:04:57 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Team,
I've got several hundred hosts that decided that they wanted to start
beating up on namespace4you.de on Thursday. They were doing several
thousand queries a second for [random].namespace4u.de.
We eventually set up a view that returned 127.0.0.1 for
*.namespace4you.de to these hosts at which time, they changed to
[random].edgewebhosting.net.
Does anyone have any idea what malware I'm dealing with here?
Thanks,
John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with PCLinuxOS - http://enigmail.mozdev.org
iD8DBQFJzM75+16lRpJszIgRAhH5AJ9+YJb5XE/BRVzNF9tm6u+YcuSXQACdF7Eg
hyhABxD66E0K1KBKLwSzqh0=
=90kR
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list