[nsp-sec] Mebroot/Torpig (AS 13618, 23498, 32475)
Krista Hickey
Krista.Hickey at cogeco.com
Fri Mar 27 16:10:47 EDT 2009
Hi Tom
Apologies for the ongoing issues with 74.213.179.173 and AS 23498 -- I
don't mean to make excuses but AS23498 is a new acquisition for
Cogeco and it's being operated as a separate entity so I'm having some
"challenges" getting things done right now but I promise I am yelling
and screaming...I just simply do not have access to that system to do
anything but I am working on some alternate avenues right now so please
continue to forward me any information.
Thanks
Krista
7992
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Tom Fischer
> Sent: Wednesday, March 25, 2009 6:30 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Mebroot/Torpig (AS 13618, 23498, 32475)
>
> ----------- nsp-security Confidential --------
>
> Hi,
>
> please help to nuke/null route the following Mebroot/Torpig hosts:
>
>
> Mebroot:
> --------
> bsgigeic.com
> 2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com A 65.60.42.10
> 2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns1.everydns.net
> 2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns2.everydns.net
> 2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns3.everydns.net
> 2009-03-23 22:10:32 2009-03-25 10:17:56 bsgigeic.com NS ns4.everydns.net
>
> AS | IP | AS Name
> 32475 | 65.60.42.10 | SINGLEHOP-INC - SingleHop
>
> PEER_AS | IP | AS Name
> 6461 | 65.60.42.10 | MFNX MFN - Metromedia Fiber Network
> 23352 | 65.60.42.10 | SERVERCENTRAL - Server Central Network
>
>
> Torpig:
> -------
> flippibi.com/rikora.com/pinakola.com
> 2009-03-09 08:27:59 2009-03-25 10:01:00 flippibi.com A 69.59.26.51
> 2009-03-09 08:27:38 2009-03-25 10:20:57 rikora.com A 69.59.26.51
> 2009-03-09 08:27:48 2009-03-25 10:20:57 pinakola.com A 69.59.26.51
>
> AS | IP | AS Name
> 13618 | 69.59.26.51 | CARONET-ASN - Carolina Internet
>
> PEER_AS | IP | AS Name
> 3356 | 69.59.26.51 | LEVEL3 Level 3 Communications
> 4323 | 69.59.26.51 | TWTC - tw telecom holdings, inc.
> 7018 | 69.59.26.51 | ATT-INTERNET4 - AT&T WorldNet Services
>
>
> nvdhtram.biz
> 2009-03-24 13:39:21 2009-03-25 10:14:05 nvdhtram.biz A 76.76.22.199
> 2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns1.everydns.net
> 2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns2.everydns.net
> 2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns3.everydns.net
> 2009-03-23 08:08:37 2009-03-25 10:23:17 nvdhtram.biz NS ns4.everydns.net
>
> AS | IP | AS Name
> 13618 | 76.76.22.199 | CARONET-ASN - Carolina Internet
>
> PEER_AS | IP | AS Name
> 3356 | 76.76.22.199 | LEVEL3 Level 3 Communications
> 4323 | 76.76.22.199 | TWTC - tw telecom holdings, inc.
> 7018 | 76.76.22.199 | ATT-INTERNET4 - AT&T WorldNet Services
>
>
> 74.213.179.173
>
> AS | IP | AS Name
> 23498 | 74.213.179.173 | CDSI - Cogeco Data Services Inc.
>
> PEER_AS | IP | AS Name
> 852 | 74.213.179.173 | ASN852 - Telus Advanced Communications
> 7992 | 74.213.179.173 | COGECOWAVE - Cogeco Cable
> 19752 | 74.213.179.173 | HYDROONETELECOM - Hydro One Telecom Inc.
>
> --
> Tom Fischer
> BFK edv-consulting GmbH tel: +49 721 962 01-1
> Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99