[nsp-sec] Limbo/Ambler/Nethell bots
Rob Thomas
robt at cymru.com
Tue Oct 6 10:57:21 EDT 2009
Hi, Dirk.
> C&C was: hxxp://blackclone.com/images/1/
We see a couple of other interesting DNS RRs pointed to that host.
stamp | qname | class | type | rdata
--------------------- ------------------------ ------- ------
----------------
2009-08-19 01:35:49 | www.pornorecruiter.com | IN | A |
74.208.186.149
2009-09-27 08:55:14 | troop308sfl.org | IN | A |
74.208.186.149
Thanks,
Rob.
--
Rob Thomas
Team Cymru
https://www.team-cymru.org/
ASSERT(coffee != empty);
More information about the nsp-security
mailing list