[nsp-sec] Hlux/Kelihos p2p botnet sinkhole ... some results - part one
Carles Fragoso
cfragoso at cesicat.cat
Tue Oct 4 02:24:34 EDT 2011
Hi Wim,
> Attached part one (asn <= 12334) of the hosts that showed up on the
> Hlux/Kelihos p2p botnet sinkhole. The machines are all infected with
> the Hlux bot and should be cleaned. The timestamps are in GMT, with
> nanosecond resolution.
Thanks for the information! I'm taking care of ES-related IPs, although some of the ISPs are already on the list.
> 422 3352 | TELEFONICA-DATA-ESPANA TELEFONICA DE ESPANA
> 121 12479 | UNI2-AS France Telecom Espana SA
> 119 12715 | JAZZNET Jazz Telecom S.A.
> 94 6739 | ONO-AS Cableuropa - ONO
> 46 12357 | COMUNITEL VODAFONE ESPANA, S.A.U.
> 17 12430 | VODAFONE_ES VODAFONE ESPANA S.A
> 9 766 | REDIRIS RedIRIS Autonomous System
> 6 10429 | Telefonica Empresas SA
> 5 12338 | EUSKALTEL Euskaltel S.A.
> 4 15732 | IBERBANDA-SPAIN Iberbanda AS for Spanish operations
> 3 15311 | Telefonica Empresas
> 2 34977 | PROCONO-AS PROCONO S.A.
BTW, what is the number after the IP and before the timestamp? It would be great for future notifications to include the ISO country code on whois resolution.
Congratulations on the good work!
-- Carlos Fragoso