[nsp-sec] ACK: Morto worm C&C (RDP Scanner)
Rodolfo Baader
rbaader at arcert.gov.ar
Wed Aug 31 13:59:26 EDT 2011
Hi Thomas,
proxy ACK for ASNs: 7303, 10318, 10481, 11315, 11664, 22927, 27747, 27984
Notifications were sent to the abuse/noc departments.
Regards,
R.
El 30/08/11 15:29, Joel Rosenblatt escribió:
>
> Hi,
>
> I found what looks like a Morto worm C&C on our network on the 25th - it was taken down, but the bots are still reporting in - see attached file for IPs
>
>
> Start time for IP's found 2011/08/26 14:09:29 -0500
> End time 2011/08/29 01:43:28 -0500
--
-----------------------------------------------
ArCERT - http://www.arcert.gov.ar
Te: (54-11) 4343-9001 int.512/514 | 4345-0383
Fax:(54-11) 4343-7458
Av. Roque Saenz Peña 511 - Oficina:527
C1035AAA - Ciudad Autonoma de Buenos Aires
Argentina
-----------------------------------------------
More information about the nsp-security
mailing list