[nsp-sec] Morto worm C&C (RDP Scanner)

Robert robert at servalens.com
Tue Aug 30 15:39:31 EDT 2011


Thanks,

ACK 2830, 19262, 22394

Robert
Verizon

On 08/30/2011 12:29 PM, Joel Rosenblatt wrote:
> ----------- nsp-security Confidential --------
> 
> Hi,
> 
> I found what looks like a Morto worm C&C on our network on the 25th - it
> was taken down, but the bots are still reporting in - see attached file
> for IPs
> 
> Start time for IPs found 2011/08/26 14:09:29 -0500
> End time                 2011/08/29 01:43:28 -0500
> 
> Here are the ASNs found:
> 
snip
> 
> Joel Rosenblatt, Manager Network & Computer Security
> Columbia Information Security Office (CISO)
> Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
> http://www.columbia.edu/~joel
> Public PGP key
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3
> 