[nsp-sec] black_energy ddos drones
Marius Urkis
marius at litnet.lt
Thu Oct 29 02:51:43 EDT 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
ACK 2847
both synflood and C&C connections confirmed by flowses.
Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
>
>
> ------------------------------------------------------------------------
>
> Hi,
>
> please find attached a list of ~6k drones, which were participating
> in a http flood against one of our customers (aandewatches.com,
> 74.208.182.201 & 74.208.203.4).
>
> The C&C of this botnet is at hack-off.ru, 220.194.54.153 -- any help
> in taking it down would be much appreciated!
>
> kind regards, Dirk Stander (1&1) :.
>
>
> ------------------------------------------------------------------------
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
- --
Marius
=============================
Marius Urkis
LITNET CERT
http://cert.litnet.lt
Tel: +370 37 300645
GSM: +370 687 79059
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkrpO38ACgkQHS98nbdNAJwLDwCfRKpr227OB2seMVN/KMKv+Jhl
93QAmwZe1zEHTV0WCryq5k/VgA0Ph+O/
=nMRc
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list