[nsp-sec] IRC C&C at AS6746 and AS23383
Christoph Sprongl
ch at it-austria.net
Wed Mar 10 08:01:17 EST 2010
Carles,
can you provide more information about the infection?
Trojans and/or impacts (data collecting, usage of network bandwidth..)?
thx,
ch
> ----------- nsp-security Confidential --------
>
> Hi,
>
> During an infection investigation, we have identified two IRC C&C servers
> located at AS6746 (ASTRAL Romania) and AS23383 (METRORED Honduras).
>
>> ##!woot land.of.coon
>> 78.97.55.99 tcp/6900
>> 190.4.7.85 tcp/6900
>
>> AS | IP | AS Name
>> 6746 | 78.97.55.99 | ASTRAL UPC Romania Srl, Romania
>> 23383 | 190.4.7.85 | METRORED S.A. DE C.V.
>
> We do not have the malware artifact yet but it seems to be related to
> the other posts I performed several days ago.
>
> Regards,
>
> -- Carlos
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
>