[nsp-sec] DDoS RS addition request - 91.205.17.4 port 8788/TCP botnet C2
Nicholas Ianelli
ni at centergate.net
Mon Jun 14 20:34:52 EDT 2010
I would like to completely understand this threat before takedown
(standard SDBOT, but I haven't RE'd this variant yet to understand its
full set of capabilities), and at that, I want to be sure of complete
and utter dismemberment (pending no action by LE).
I have some more data points that I need to review and process. I'll get
a nice full picture and send it to the list for anyone that's interested.
Cheers,
Nick
On 2010.06.14 18:07 PM, Barry Raveendran Greene wrote:
>
> Are these worth knocking off with nxdomains?
>
>
>
> On 6/14/10 11:12 AM, "Tim Wilde" <twilde at cymru.com> wrote:
>
>> ----------- nsp-security Confidential --------
>>
> On 6/12/2010 8:48 PM, Nicholas Ianelli wrote:
>>>> Here are the DNS RRs tied to some of their malware:
>>>>
>>>> webdev.gpdvinc.com
>>>> emt.gatuzo.net
>>>> wbdv3.ptgdevinc.com
>>>> chat.haraldmark.com
>>>> video.jizzstars.com
>>>> talk.purplelots.com
>>>> ns01.jizzshow.com
>
> BTW, all of these domains (except for jizzstars.com) appear to have NS
> on everydns.net, you may want to give the folks at Dyn, Inc. a ping if
> you haven't already (I believe Tom is still on-list here) and see if
> they can do anything about this (including monitoring/delaying tactics
> if you don't want them just jumping ship to another provider, of course).
>
> Regards,
> Tim
>
>>
>>
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
>>
Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
--
Nicholas Ianelli: Neustar, Inc.
Security Operations
46000 Center Oak Plaza Sterling, VA 20166
+1 571.434.4691 - http://www.neustar.biz