[nsp-sec] Botnet C&C at AS44347 (188.65.49.11)

Mon May 3 08:35:31 EDT 2010

Hi!

There seems to be a spybot botnet C&C at SINT-AS in Russia at 188.65.49.11 (tcp/9595):

AS      | IP               | AS Name
44347   | 188.65.49.11     | SINT-AS Limited Company _SiNT_

.inetnum:         188.65.48.0 - 188.65.51.255
netname:         sint-ltd-net
descr:           Limited Company "SiNT"
country:         ru
org:             ORG-LC18-RIPE
admin-c:         RCL14-RIPE
tech-c:          AEV9-RIPE
tech-c:          AIA7-RIPE
status:          ASSIGNED PA
mnt-by:          SINT-MNT
source:          RIPE # Filtered
organisation:    ORG-LC18-RIPE
org-name:        Limited Company "SiNT"
org-type:        LIR
address:         Limited Company "SiNT"
                Chemali Ramazashvili
                Torgovyi ryad vozle GUSa, 1 m-on
                662150 Achinsk
                Russian Federation
phone:           +73915156000
fax-no:          +73915144550
e-mail:          sint at achmail.ru
mnt-ref:         RIPE-NCC-HM-MNT
mnt-ref:         SINT-MNT
mnt-by:          RIPE-NCC-HM-MNT
source:          RIPE # Filtered

route:           188.65.48.0/22
descr:           Limited Company "SiNT"
origin:          AS44347
mnt-by:          SINT-MNT
source:          RIPE # Filtered

route:           188.65.48.0/21
descr:           Limited Company "SiNT"
origin:          AS44347
mnt-by:          SINT-MNT
source:          RIPE # Filtered

Warm regards,

-- Carlos