[nsp-sec] again: compromised websites (torpig)
Rodolfo Baader
rbaader at arcert.gov.ar
Wed May 13 18:09:15 EDT 2009
Hi!
ACK for AR ASNs: 7303, 10318, 10834, 11311, 16814, 18747, 27823
Notifications were sent to the abuse/noc departments.
#Details:
#TOTAL ASN Argentina: 7
#TOTAL IPs Argentina: 15
#ip/domain - ASN
7 - 27823
3 - 10318
1 - 7303
1 - 10834
1 - 11311
1 - 16814
1 - 18747
R.
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of websites with injected javascript
> pointing to various mebroot/torpig infection domains. There
> should be no intersections with yesterdays list.
>
> I'm relaying this to nsp-sec by courtesey of the Computer Security
> Group at the University of California at Santa Barbara.
>
> The format is:
> <ASN> | <IP> | <CC> | <normalized domain> <epoch first seen> <uniq IPs> <sample URI> | <AS name>
>
> with kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list