[nsp-sec] W32.silon drones
Gabriel Iovino
giovino at ren-isac.net
Tue Nov 3 12:03:02 EST 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dirk Stander wrote:
> please find attached a list of ~900 drones infected with a banking
> trojan dubbed as silon (http://www.trusteer.com/webform/w32silon-malware-analysis)
>
> The data is from a DNS-based sinkhole (ow2erdf.com, 217.160.7.166:80)
> and the format of the list is:
> ... | <source port> <time last seen (GMT)> <bot id> | ...
Sanitized notifications have been sent to the following:
> 11131 | 130.85.232.127 | US | 1084 2009-11-02 06:32:02 HASHMATHUSAIN_86EFE56 | UMBC-AS - University of Maryland Baltimore County (UMBC)
Thank you.
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrwYkYACgkQwqygxIz+pTvMxQCgoS/ZIGMttEW2TcJYymsigjco
O5kAoIo6ej6tOFFTViAcNRdhUyWSgpMV
=KZHL
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list