[nsp-sec] Hlux/Kelihos p2p botnet sinkhole ... some results - part two
Wim Biemolt
Wim.Biemolt at surfnet.nl
Mon Oct 3 16:26:37 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear all,
Attached part two (asn >= 12338) of the hosts that showed up on the
Hlux/Kelihos p2p botnet sinkhole. The machines are all infected with
the Hlux bot and should be cleaned. The timestamps are in GMT, with
nanosecond resolution.
Credit goes to Kaspersky for running the sinhole. Much more details:
http://www.securelist.com/en/blog/208193137/Botnet_Shutdown_Success_Story_How_Kaspersky_Lab_Disabled_the_Hlux_Kelihos_Botnet
Cheers,
- -Wim -/- SURFcert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6KGn0ACgkQi276J+8k6ihh4ACg0FUOXqNS93pAiEcOTp61Og35
LNoAnjLxZN16qLms9cOvFRsNEgP3cJOk
=/wRX
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Hlux-Kelihos-part2.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20111003/3ac01dac/attachment-0001.txt>
More information about the nsp-security
mailing list