[nsp-sec] Hlux/Kelihos p2p botnet sinkhole ... more results - 2011-10-04

Wim Biemolt Wim.Biemolt at surfnet.nl
Wed Oct 5 04:47:06 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear all,

Attached is a list of the hosts that showed up on October 4th in our
Hlux/Kelihos p2p botnet sinkhole. The machines are all infected with
the Hlux bot and should be cleaned. This (verbose) list shows only a
count of the number of connections. Separately I will post a link to
the complete logs showing all connections:

* IP address
* source port
* time (GMT)

Yesterday, Oct 4th, we had roughly three million connections coming
from 15917 different IPv4 addresses. Still not sure what is the best
way to distribute this. Hope this helps.

Cheers,

- -Wim -/- SURFcert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6MGYoACgkQi276J+8k6ijMnwCfcCOHXqi3zEGEVWsCNvIcDS2J
sgIAoOeMHPEe8UzSKVIfR1Pgd7Ck4Fhk
=nrSE
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: Hlux-Kelihos-2011-10-04.txt
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20111005/8131379c/attachment-0001.txt>

