[nsp-sec] Koobface infected machines - 653 ips

Anders Hardangen anders at nsm.stat.no
Mon Nov 9 15:25:23 EST 2009


Trying .txt instead of .csv as it seems to have stripped it off.

Best regards
Anders


Anders Hardangen wrote:

> 
> Greetings nsp-sec,
> 
> We received reports of a Koobface proxy hosted in Norway and were able to
> get some logs off the server. Attached you will find a CSV file
> containing IPs that have made a connection to this proxy, along with the
> HTTP request that was made.
> 
> The proxy was up at www.bislettgames.com (213.158.233.142), and was shut
> down on November 6th. Requests being made to this server were proxied to
> capthcabreak.com (67.212.69.230).
> 
> Best regards
> Anders Hardangen
> NorCERT
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: koobface-infected.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20091109/ad1e442f/attachment-0001.txt>

