[nsp-sec] Anyone seeing any "packet love/DOS" heading for 64.75.15.144?
Florian Weimer
fweimer at bfk.de
Fri May 8 03:22:36 EDT 2009
* Nathan Janish:
> 129.176.151.25 has been a Mebroot/Torpig bot since at least 2009-02-24
> I'm in touch with the owner of 129.176.151.25, can anyone provide more details?
I picked one event more or less arbitrarily, at 2009-05-05T15:02:32Z.
Source was 129.176.151.25, port 49400, destination was 87.177.205.144,
port 80. The host header field contained "bdeugyam.com", and there was
an "X-BlueCoat-Via: 7C2B0128A4D9C6BA" header field in the request.
Presumably, the latter will help with tracking down this infection.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99