[nsp-sec] ACK AS680 zbot infected IPs
Torsten Voss
voss at dfn-cert.de
Wed Oct 28 07:34:27 EDT 2009
Hi Dirk,
thanks for the data and ACK AS680
Cheers,
Torsten, AS680
--
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)
DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski
Dirk Stander schrieb:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of ~5k IPs taken from a ZeuS C&C (proxy).
> The domain aplikapublicidad.es (87.106.193.251:80) has been abused to
> proxy requests to http://xxxdessert.name/glk/gt.php
> It's ok to use the IP in the reports to your clients. The timestamps
> are in GMT.
>
> kind regards,
> Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5898 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20091028/f1cd62a6/attachment-0001.bin>
More information about the nsp-security
mailing list