[nsp-sec] Botnet C&C at AS44347 (188.65.49.11)

Smith, Donald Donald.Smith at qwest.com
Mon May 3 15:45:32 EDT 2010


I looked for any traffic towards that IP and didn't see any since the beginning of this month?

(coffee != sleep) & (!coffee == sleep)
Donald.Smith at qwest.com gcia

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of
> Carles Fragoso
> Sent: Monday, May 03, 2010 6:36 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] Botnet C&C at AS44347 (188.65.49.11)
>
> ----------- nsp-security Confidential --------
>
> Hi!
>
> There seems to be a spybot botnet C&C at SINT-AS in Russia at
> 188.65.49.11 (tcp/9595):
>
> AS      | IP               | AS Name
> 44347   | 188.65.49.11     | SINT-AS Limited Company _SiNT_
>
> inetnum:         188.65.48.0 - 188.65.51.255
> netname:         sint-ltd-net
> descr:           Limited Company "SiNT"
> country:         ru
> org:             ORG-LC18-RIPE
> admin-c:         RCL14-RIPE
> tech-c:          AEV9-RIPE
> tech-c:          AIA7-RIPE
> status:          ASSIGNED PA
> mnt-by:          SINT-MNT
> source:          RIPE # Filtered
> organisation:    ORG-LC18-RIPE
> org-name:        Limited Company "SiNT"
> org-type:        LIR
> address:         Limited Company "SiNT"
>                 Chemali Ramazashvili
>                 Torgovyi ryad vozle GUSa, 1 m-on
>                 662150 Achinsk
>                 Russian Federation
> phone:           +73915156000
> fax-no:          +73915144550
> e-mail:          sint at achmail.ru
> mnt-ref:         RIPE-NCC-HM-MNT
> mnt-ref:         SINT-MNT
> mnt-by:          RIPE-NCC-HM-MNT
> source:          RIPE # Filtered
>
>
> route:           188.65.48.0/22
> descr:           Limited Company "SiNT"
> origin:          AS44347
> mnt-by:          SINT-MNT
> source:          RIPE # Filtered
>
> route:           188.65.48.0/21
> descr:           Limited Company "SiNT"
> origin:          AS44347
> mnt-by:          SINT-MNT
> source:          RIPE # Filtered
>
> Warm regards,
>
> -- Carlos
>
>




