[nsp-sec] zbot infected IPs
Gabriel Iovino
giovino at ren-isac.net
Tue Oct 27 16:11:06 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dirk Stander wrote:
> please find attached a list of ~5k IPs taken from a ZeuS C&C (proxy).
> The domain aplikapublicidad.es (87.106.193.251:80) has been abused to
> proxy requests to http://xxxdessert.name/glk/gt.php
> It's ok to use the IP in the reports to your clients. The timestamps
> are in GMT.
Sanitized notifications have been sent to the following:
> 1968 | 134.88.165.226 | US | 2009-10-21 22:07:19 | UMASSP-DOM - University of Massachusettes
> 23262 | 204.152.134.2 | US | 2009-10-21 22:27:38 | LINCOLN-UNIVERSITY - Lincoln University
Thank you!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrnU9kACgkQwqygxIz+pTuvfgCgmuPqCJIKZbk+7Lj2qtN3Ms53
GqgAoJBkSVa+KBsosz4DJu+YA8bv++D4
=BGw0
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list