[nsp-sec] identity theft c&c (AS 48841, 49017, 44050, 8492)
Tom Fischer
tfischer at bfk.de
Fri May 29 11:50:58 EDT 2009
Hi,
please help to null route 94.232.248.61 which is used to distribute
identity theft malware and to command&control infected systems.
2009-04-24 22:00:21 2009-05-29 10:23:02 aboutmmgftf.com A 94.232.248.61
AS | IP | AS Name
48841 | 94.232.248.61 | EUROHOST-AS Eurohost LLC
PEER_AS | IP | AS Name
49017 | 94.232.248.61 | TPIC-AS Baltic Center of Innovations TechPromInvest LTD
malware:
hxxp://aboutmmgftf.com/sss/ferfrefref5.exe
hxxp://aboutmmgftf.com/sss/erfrefrefre3.exe
hxxp://aboutmmgftf.com/sss/vv.exe
c&c:
hxxp://aboutmmgftf.com/horrmo3/data.php
hxxp://aboutmmgftf.com/kits5/data.php
[...]
--
Tom Fischer
BFK edv-consulting GmbH tel: +49 721 962 01-1
Kriegsstr. 100, D-76133 Karlsruhe fax: +49 721 962 01-99