[nsp-sec] Koobface infected machines - 653 ips

Gabriel Iovino giovino at ren-isac.net
Mon Nov 9 16:38:56 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Anders Hardangen wrote:
>> We received reports of a Koobface proxy hosted in Norway and were able to
>> get some logs off the server. Attached you will find a CSV file
>> containing IPs that have made a connection to this proxy, along with the
>> HTTP request that was made.

Sanitized notifications have been sent to the following:

> "2009-11-04 17:44:30 +0100","131.104.138.111",,31886,"CA","GET /.sys/?getexe=ff2ie.exe HTTP/1.1"
> "2009-11-05 15:23:55 +0100","150.134.221.99",,3112,"US","GET /.sys/?getexe=fb.73.exe HTTP/1.1"
> "2009-11-05 18:12:58 +0100","168.18.235.165",,3479,"US","GET /.sys/?getexe=fb.73.exe HTTP/1.1"
> "2009-11-06 04:55:12 +0100","160.10.120.178",,3479,"US","GET /.sys/?action=rssgen&v=1 HTTP/1.1"

Thank you!

Gabe

- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkr4i/AACgkQwqygxIz+pTutIgCeJS0z8caebXsGx5gA+rb7P61m
LMMAnAxdRNXmnWAsH3ch7GCrAipi/77Q
=rJ3n
-----END PGP SIGNATURE-----


