[nsp-sec] ACK 224 130K+ Infected Ips on ~3600 ASNs
Morten Knutsen
morten.knutsen at uninett.no
Thu Oct 1 16:03:30 EDT 2009
Stephen Gill wrote:
> ----------- nsp-security Confidential --------
>
> Hi Team,
>
> This password stealer head end IP appears to be quite busy:
>
> 76.73.37.250
>
> We're working w/ the ISP on takedown, however in the meantime here is a list
> of 130K+ infected Ips seen talking to it primarily via TCP 80 (reporting
> stolen credentials) and UDP 7006 - UDP 7012. I don't anticipate an IP
> takedown to last forver because they can likely re-route via DNS.
ACK 224, thanks!
--
Regards,
Morten Knutsen
UNINETT AS224
More information about the nsp-security
mailing list