[nsp-sec] DNS DDoS against Softlayer
Tom Daly
tom at dyn-inc.com
Fri May 29 09:30:22 EDT 2009
> We, KrCERT, found malware at 165.194.192.150 (in the
> "asninfo-20090520.txt").
> It was infected by a Netbot DDoS agent (TxmethD.dll).
> We don't have evidence that it attacked your servers, but Netbot can
> launch the UDP fragment attack (see the attachment).
>
> C&C : 66.as000.org (112.121.163.173)
> Windows Services :
> * Name : MediaCenter
> * DisplayName : MS Media Control Center
> * ServiceDll : C:\WINDOWS\system32\TxmethD.dll
> http://www.virustotal.com/en/analisis/d13f4c110ad5e5661b465891efffd42258596f4ead4a24a9b9e1e9770fb0b250-1243588637
>
> We will ask major Korean ISPs to block the C&C (66.as000.org) ASAP.
Young-Baek,
That's a huge help for us. Thank you for all of your work!
Regards,
Tom Daly
--
Tom Daly
Dynamic Network Services, Inc.
P: +1-603-296-1537
http://dynamicnetworkservices.com/