[nsp-sec] identity theft c&c (AS 24400, 9808)
Scott A. McIntyre
scott at xs4all.net
Mon May 11 12:01:43 EDT 2009
Hi,
On May 11, 2009, at 17:43 , Rob Thomas wrote:
> ----------- nsp-security Confidential --------
>
> Hey, Tom.
>
>> moved from 122.225.36.35 to 221.130.192.79
>
>
[ snip ]
> 2009-05-04 13:59:48 | fr4nk1n.cn | 221.130.192.79
This was the name being used by the malware that my customers were
running for the attack mentioned by Hillar on 9 May.
Specifically:
<hxxp:// fr4nk1n . cn/adm/getcfg.php>
Regards,
Scott A. McIntyre
XS4ALL Internet B.V.
More information about the nsp-security
mailing list