[nsp-sec] ATTN Google - Malware on a Googlegroups (list of some sources)

Scott A. McIntyre scott at xs4all.net
Tue May 11 02:29:06 EDT 2010


Hi all,



> Used the link for a new one:
>
> http://gorlum.googlegroups.com/web/setup.zip
>


What do we know about the malware that is spewing this stuff out?  I've 
noticed some interesting patterns about how and when it arrives, and in 
the sources.

I tend to be sceptical about coincidences and noticed that this all 
kicked off about the same time as Brian mentioned what appeared to be 
a new Storm-type malware variant.  Perhaps unrelated, but, well...

I've noticed that most of the hosts sending use a HELO that is along the 
lines of:

PTMZTZYH
QRKVNSHIQ
TRGKDVJ

And so on.

Just curious as to what's actually sending this out.

Here's a list of some offenders (sorry for any wrapping issues).

Scott A. McIntyre
XS4ALL Internet B.V.
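
A defender's check for the HELO pattern described in the message, as an added example that is not part of the original post: it flags clients whose HELO is a dotless, all-uppercase letter string of 6 to 10 characters containing a run of four or more consonants. The length range, the consonant-run threshold, the Postfix-style log layout and the sample lines are assumptions made for illustration; only the three HELO strings come from the post.

```python
import re
from collections import defaultdict

# Constructed sample lines in a Postfix-style smtpd reject layout (assumption).
# Client addresses are documentation ranges; only the three random-looking
# HELO strings are taken from the post.
_PREFIX = "May 11 08:0{n}:00 mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
_SUFFIX = "554 5.7.1 rejected; from=<a@example.org> to=<u@example.net> proto=SMTP helo=<{helo}>"
_ROWS = [
    ("192.0.2.10", "PTMZTZYH"),
    ("192.0.2.10", "TRGKDVJ"),
    ("198.51.100.7", "QRKVNSHIQ"),
    ("203.0.113.5", "mail.example.com"),   # ordinary FQDN
    ("203.0.113.9", "MAILSERVER"),         # dotless but word-like name
    ("203.0.113.20", "[203.0.113.20]"),    # address literal
]
SAMPLE_LOG = "\n".join(
    (_PREFIX + _SUFFIX).format(n=i, ip=ip, helo=helo) for i, (ip, helo) in enumerate(_ROWS)
)

# Pulls the client address and the HELO argument out of one log line.
LINE_RE = re.compile(r"RCPT from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]:.*\bhelo=<(?P<helo>[^>]*)>")
# Shape seen in the post: a single token of uppercase letters, no dots or digits.
SHAPE_RE = re.compile(r"[A-Z]{6,10}")
# Heuristic (assumption): four or more consonants in a row is rare in real host
# names and common in random letter strings.
CONSONANT_RUN_RE = re.compile(r"[B-DF-HJ-NP-TV-Z]{4,}")


def looks_random_helo(helo: str) -> bool:
    """True when the HELO argument has the random-uppercase shape."""
    return bool(SHAPE_RE.fullmatch(helo)) and bool(CONSONANT_RUN_RE.search(helo))


def suspicious_clients(log_text: str) -> dict:
    """Map each client IP to the sorted random-looking HELO names it presented."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and looks_random_helo(m.group("helo")):
            hits[m.group("ip")].add(m.group("helo"))
    return {ip: sorted(names) for ip, names in hits.items()}


if __name__ == "__main__":
    for ip, names in sorted(suspicious_clients(SAMPLE_LOG).items()):
        print(ip, ", ".join(names))
```

A match is a lead for correlation with other signals (message content, sending rate), since legitimate hosts can also present short uppercase names.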







