[nsp-sec] DDoS RS addition request - 91.205.17.4 port 8788/TCP botnet C2
Barry Raveendran Greene
bgreene at senki.org
Mon Jun 14 18:07:25 EDT 2010
Are these worth knocking off with nxdomains?
On 6/14/10 11:12 AM, "Tim Wilde" <twilde at cymru.com> wrote:
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 6/12/2010 8:48 PM, Nicholas Ianelli wrote:
>> Here are the DNS RRs tied to some of their malware:
>>
>> webdev.gpdvinc.com
>> emt.gatuzo.net
>> wbdv3.ptgdevinc.com
>> chat.haraldmark.com
>> video.jizzstars.com
>> talk.purplelots.com
>> ns01.jizzshow.com
>
> BTW, all of these domains (except for jizzstars.com) appear to have NS
> on everydns.net, you may want to give the folks at Dyn, Inc. a ping if
> you haven't already (I believe Tom is still on-list here) and see if
> they can do anything about this (including monitoring/delaying tactics
> if you don't want them just jumping ship to another provider, of course).
>
> Regards,
> Tim
>
> - --
> Tim Wilde, Senior Software Engineer, Team Cymru, Inc.
> twilde at cymru.com | +1-630-230-5433 | http://www.team-cymru.org/
> -----BEGIN PGP SIGNATURE-----
>
> iEYEARECAAYFAkwWcR8ACgkQluRbRini9tgSvgCcCS8srn8XKKs99ZeOun+rDSlJ
> TcwAn3Js2q9WPeZfXnJ5UB8vLB/354Wp
> =duEQ
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________