[nsp-sec] Limbo/Ambler/Nethell bots
Gabriel Iovino
giovino at ren-isac.net
Tue Oct 6 11:38:30 EDT 2009
Dirk Stander wrote:
> please find attached a list of IPs and time stamps of ~9k bots,
> which were downloading Limbo/Ambler/Nethell configuration files.
Sanitized notifications have been sent to the following:
Thank you!
Gabe
--
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630