[nsp-sec] ACK: Limbo/Ambler/Nethell bots
Rodolfo Baader
rbaader at arcert.gov.ar
Tue Oct 6 19:41:52 EDT 2009
Hi!
ACK for AR ASNs: 7303 10318 10481 10834 16814 19037 22927
Notifications were sent to the abuse/noc departments.
R.
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of IPs and time stamps of ~9k bots,
> which were downloading Limbo/Ambler/Nethell configuration files.
>
> C&C was: hxxp://blackclone.com/images/1/
>
> The clients are most likely infected with one of the following binaries:
> ce1ac239d4a3b6f8be0076691dcae370 ./images/1/aol.exe
> 6c9b66ec0ee42ee6d048b286977f707b ./images/1/1/1.exe
> 0336ad3b3be5241cde2575f44b65ba16 ./images/1/demo.exe
> e411a13e7e2844f1d1d8fd5e456f6afd ./images/1/sever.exe
>
> The time stamps are in UTC.
>
>
> kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________