[nsp-sec] Hlux/Kelihos p2p botnet sinkhole ... some results - part one
jim deleskie
deleskie at gmail.com
Mon Oct 3 20:29:20 EDT 2011
ACK 4755, 6453, 10199
On Mon, Oct 3, 2011 at 5:25 PM, Wim Biemolt <Wim.Biemolt at surfnet.nl> wrote:
> ----------- nsp-security Confidential --------
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear all,
>
> Attached part one (asn <= 12334) of the hosts that showed up on the
> Hlux/Kelihos p2p botnet sinkhole. The machines are all infected with
> the Hlux bot and should be cleaned. The timestamps are in GMT, with
> nanosecond resolution.
>
> Credit goes to Kaspersky for running the sinhole. Much more details:
>
>
> http://www.securelist.com/en/blog/208193137/Botnet_Shutdown_Success_Story_How_Kaspersky_Lab_Disabled_the_Hlux_Kelihos_Botnet
>
> Cheers,
>
> - -Wim -/- SURFcert
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk6KGjYACgkQi276J+8k6ihlAgCfcB3DMREYXnShygd5QVuhg5yB
> 2rkAn37pdl5huVj+GE/7JrKiJ/TYvzGl
> =nP9P
> -----END PGP SIGNATURE-----
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
More information about the nsp-security
mailing list