[nsp-sec] Compromised websites
Gabriel Iovino
giovino at ren-isac.net
Mon Jul 18 12:17:55 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 7/18/2011 10:22 AM, Thomas Hungenberg wrote:
> Please find below the list of ~10.000 compromised websites.
> Format: ASN | IP | CC | domain name | AS desc
>
> In a compromised webspace, you should find the malicious PHP script, a directory ".log"
> with spam pages generated by the script, a file "xml.cgi" which holds the domain name
> of the C&C server (base64 encoded), etc.
ACK:
> 802 | 130.63.69.211 | CA | execdev.schulich.yorku.ca | YORKU-AS - York University
> 802 | 130.63.69.211 | CA | seec.schulich.yorku.ca | YORKU-AS - York University
Thanks!
Gabe
- --
Gabriel Iovino
Principal Security Engineer, REN-ISAC
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk4kXK8ACgkQwqygxIz+pTuRuwCfWYBxkL8VFBR8DmWYPDFijHa2
SJMAoLe1RO7h4VtvZtVer2tsUBHNc7+g
=g9MN
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list