[nsp-sec] Morto worm C&C (RDP Scanner) - ACK 2119
Helge Aksdal
helge.aksdal at telenor.com
Tue Aug 30 15:52:50 EDT 2011
* Joel Rosenblatt (2011-08-30 20:29):
Hi,
> Hi,
>
> I found what looks like a Morto worm C&C on our network on the 25th
> - it was taken down, but the bots are still reporting in - see
> attached file for IPs
>
> Start time for IP's found 2011/08/26 14:09:29 -0500
> End time 2011/08/29 01:43:28 -0500
>
> 2119 | 212.251.230.220 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 213.112.38.71 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 213.113.212.194 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 213.113.79.97 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 213.114.166.185 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 62.249.186.67 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 84.216.39.133 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 85.226.241.152 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 85.227.161.183 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 85.227.181.97 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 85.228.240.22 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 85.230.187.134 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 85.230.8.234 | TELENOR-NEXTEL Telenor Norge AS
> 2119 | 88.89.100.79 | TELENOR-NEXTEL Telenor Norge AS
> 9158 | 77.215.124.62 | SONOFON_AS Telenor A/S
ACK and thanks for sharing!
--
Helge Aksdal
Telenor
More information about the nsp-security
mailing list