[nsp-sec] Hlux/Kelihos p2p botnet sinkhole ... some results - part one
Serge Droz
serge.droz at switch.ch
Tue Oct 4 04:00:43 EDT 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ack
ASN 8404, 6772, 6730, 41715, 34781, 15547, 1257, 12350
Serge
On 10/3/11 10:25 PM, Wim Biemolt wrote:
> ----------- nsp-security Confidential --------
>
>
>
>
> Dear all,
>
> Attached part one (asn <= 12334) of the hosts that showed up on
> the Hlux/Kelihos p2p botnet sinkhole. The machines are all infected
> with the Hlux bot and should be cleaned. The timestamps are in GMT,
> with nanosecond resolution.
>
> Credit goes to Kaspersky for running the sinhole. Much more
> details:
>
> http://www.securelist.com/en/blog/208193137/Botnet_Shutdown_Success_Story_How_Kaspersky_Lab_Disabled_the_Hlux_Kelihos_Botnet
>
> Cheers,
>
> -Wim -/- SURFcert
>
>
>
>
>
> _______________________________________________ nsp-security
> mailing list nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the
> nsp-security community. Confidentiality is essential for effective
> Internet security counter-measures.
> _______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6KvSsACgkQBvXr67kr0Sdh2ACg1rGwtBtkLieFX/y4yX0pt10P
ijsAoIwbvS8UUmP4TZJh/5lEec5FhBcR
=lxO3
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list