[nsp-sec] Hlux/Kelihos p2p botnet sinkhole ... some results - part one
Wim Biemolt
Wim.Biemolt at surfnet.nl
Mon Oct 3 16:25:26 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear all,
Attached part one (asn <= 12334) of the hosts that showed up on the
Hlux/Kelihos p2p botnet sinkhole. The machines are all infected with
the Hlux bot and should be cleaned. The timestamps are in GMT, with
nanosecond resolution.
Credit goes to Kaspersky for running the sinhole. Much more details:
http://www.securelist.com/en/blog/208193137/Botnet_Shutdown_Success_Story_How_Kaspersky_Lab_Disabled_the_Hlux_Kelihos_Botnet
Cheers,
- -Wim -/- SURFcert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6KGjYACgkQi276J+8k6ihlAgCfcB3DMREYXnShygd5QVuhg5yB
2rkAn37pdl5huVj+GE/7JrKiJ/TYvzGl
=nP9P
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Hlux-Kelihos-part1.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20111003/499ff379/attachment-0001.txt>
More information about the nsp-security
mailing list