[nsp-sec] DDoS RS addition request - 91.205.17.4 port 8788/TCP botnet C2
Tim Wilde
twilde at cymru.com
Mon Jun 14 14:12:47 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 6/12/2010 8:48 PM, Nicholas Ianelli wrote:
> Here are the DNS RRs tied to some of their malware:
>
> webdev.gpdvinc.com
> emt.gatuzo.net
> wbdv3.ptgdevinc.com
> chat.haraldmark.com
> video.jizzstars.com
> talk.purplelots.com
> ns01.jizzshow.com
BTW, all of these domains (except for jizzstars.com) appear to have NS
on everydns.net, you may want to give the folks at Dyn, Inc. a ping if
you haven't already (I believe Tom is still on-list here) and see if
they can do anything about this (including monitoring/delaying tactics
if you don't want them just jumping ship to another provider, of course).
Regards,
Tim
- --
Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
iEYEARECAAYFAkwWcR8ACgkQluRbRini9tgSvgCcCS8srn8XKKs99ZeOun+rDSlJ
TcwAn3Js2q9WPeZfXnJ5UB8vLB/354Wp
=duEQ
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list