[nsp-sec] again: compromised websites (torpig)
Gabriel Iovino
giovino at ren-isac.net
Wed May 13 10:54:58 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dirk Stander wrote:
> Hi,
>
> please find attached a list of websites with injected javascript
> pointing to various mebroot/torpig infection domains. There
> should be no intersections with yesterdays list.
>
> I'm relaying this to nsp-sec by courtesey of the Computer Security
> Group at the University of California at Santa Barbara.
>
> The format is:
> <ASN> | <IP> | <CC> | <normalized domain> <epoch first seen> <uniq IPs> <sample URI> | <AS name>
Sanitized notifications will be sent for the following:
> 81 | 150.216.70.237 | US | portfolio.coe.ecu.edu 1241729938 1 http://portfolio.coe.ecu.edu/students/smm0601/ | NCREN - MCNC
> 3933 | 198.236.87.127 | US | ddhs.ddouglas.k12.or.us 1241798212 1 http://ddhs.ddouglas.k12.or.us/staff/teachers/Hadley_Jawanza/ | OPEN - Oregon Public Education Network
> 6389 | 169.139.221.30 | US | faculty.mccfl.edu 1241216192 1 http://faculty.mccfl.edu/itkina/home.htm | BELLSOUTH-NET-BLK - BellSouth.net Inc.
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkoK30IACgkQwqygxIz+pTu/RQCgj0FX0CkSCIK1uJ0iKH7ssI1I
c2EAn3/Q0QzvewP9IjfWl4jhmN0/JxTp
=7Daq
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list