[nsp-sec] AS553, 680, 5501, 8365, 12816, 20633 - spyeye infected drones

Torsten Voss voss at dfn-cert.de
Thu Mar 17 11:25:57 EDT 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Dirk,

thanks and ACK 553, 680, 5501, 8365, 12816, 20633

Cheers,
  Torsten

Am 17.03.2011 um 15:18 schrieb Dirk Stander:

> > ----------- nsp-security Confidential --------
> >
> > Hi Teams,
> >
> > please find attached a list of drones, which contacted one of the
> > domains mentioned here:
> > http://ddanchev.blogspot.com/2011/03/more-spamvertised-dhl-notifications.html
> >
> > The drones are using a unique User-Agent string, "Opera/10.80 Pesto/2.2.30"
> >
> > The format of the list is:
> > ASN | IP | CC | date first seen
> >
> >    kind regards, Dirk Stander (1&1 Internet AG) :.
> > <20110317-spyeye-drones-small.txt>
> >
> > _______________________________________________
> > nsp-security mailing list
> > nsp-security at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/nsp-security
> >
> > Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> > community. Confidentiality is essential for effective Internet security
counter-measures.
> > _______________________________________________




- -- 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.:  DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen               https://www.cert.dfn.de/autowarn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iQEVAwUBTYIoBCXNv0Upg26pAQKCgQgAvf6Cy/BKClIEjLtVhUBOFuyA7TzCgjSw
K24EudXlrbDDNtComiILJf5kmUmxfLy0ZjBFWbQNWK+Va6Eg2jQ0CM0wnPhcz0mM
nkdvq+V489jKH4RmD7jCy+8La6Wqij6EvtUYkO14KkC0hH+DM4j/gfJQadr1KVcm
z4q0iQ0lBI99fxuOwq3JsAdOMfbHH6xfwHC8d79E6xUSawv5Sf7Gu5E2CZ9Wc4lt
p4CrvI0ie8StXjXSb991S15EETmNq9LBfqyDHXRGDuRPp6tQYyKAc3ozzO/X9J4B
gQ1eKQ8m/VxhTzzwhCiyfRXSgcoFAk+Y3frcjjGYhbClxJofs4LKWw==
=HZQn
-----END PGP SIGNATURE-----

More information about the nsp-security mailing list