[nsp-sec] List of bots distributing infecting iframe - ACK 855 + Details
White, Gerard
Gerard.White at bellaliant.ca
Fri Oct 30 15:44:43 EDT 2009
ACK 855... Nice catch.
BTW, these machines appear to be equipped with reverse-proxy HC malware.
They call home to TCP/443 (NON-TLS) at:
AS | IP | AS Name
40935 | 209.31.180.44 | RELYNET - RelyNet Inc.
36351 | 206.217.205.156 | SOFTLAYER - SoftLayer Technologies Inc.
There may be others...
Happy Halloween, eh?
GW
855 - Bell Aliant
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Tarmo Randel
Sent: October-30-09 10:22 AM
To: NSP-Sec
Subject: [nsp-sec] List of bots distributing infecting iframe
----------- nsp-security Confidential --------
Hello,
please find a list of IP addresses involved in distributing the drive-by URL
hxxp: // lastanotherlife .ru :8080 / index.php via FTP. Timestamps are
in GMT.
Tarmo Randel
CERT-EE
--
+372 663 0254