[nsp-sec] The Planet: irc.amiria.net known C&C?

Peter Peters P.G.M.Peters at utwente.nl
Mon May 25 07:56:39 EDT 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I am helping a company whose IIS webserver seems to be compromised. It
has been scanning for the last couple of days. So if somebody has seen scans
from 80.89.232.220, we are onto it.

The administrator can't find anything wrong on the system. But when it
restarts it tries to resolve irc.amiria.net and make a connection on
port 6667 (and others) on that system. I am asking the provider to make
a dump of the traffic from and to the IRC server.

- --
Peter Peters, Team Leader Unix/Linux/Storage
ICT-Servicecentrum
Universiteit Twente, Postbus 217, 7500 AE Enschede
Telephone 053 489 2301, Fax 053 489 2383,
P.G.M.Peters at utwente.nl, http://www.utwente.nl/icts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFKGod1elLo80lrIdIRArr7AJ4y1CJNplYwzwXdYI4qEnZQxfbFrgCgpmna
0JHjMMcQbmqg6vvBnhcUK9I=
=VfZ8
-----END PGP SIGNATURE-----


