[nsp-sec] ACK 680 - Bitcoin Miner/BadMiner - Peer list

Torsten Voss voss at dfn-cert.de
Thu Sep 1 05:43:32 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks and ACK for AS 680.

Cheers,
  Torsten


On 31.08.2011 03:12, Nicholas Ianelli wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Folks,
> 
> Attached is the list of peers being circulated through the BadMiner
> malware (all IP addresses for the P2P comms). The current active
> peers amount to 7381, while the total number of peers being shared is
> over 49K.
> 
> Additional details can be found here:
> 
> http://www.securelist.com/en/blog/208193084/The_Miner_Botnet_Bitcoin_Mining_Goes_Peer_To_Peer
> 
> http://www.symantec.com/business/security_response/writeup.jsp?docid=2011-081115-5847-99
> 
> The data was acquired on 20110830 starting at roughly 1900GMT.
> 
> Feel free to pass on/utilize as you see fit. Please ensure you remove
> any personal or list attribution prior to distribution.
> 
> The URL for the ASN info is here:
> 
> https://asn.cymru.com/nsp-sec/upload/1314752423.whois.txt
> 
> Apologies for the large attachment, 49K + hosts. The ASNs involved are:
> 



- -- 
Dipl.-Ing.(FH) Torsten Voss (Incident Response Team), Phone +49 40 808077-634

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone  +49 40 808077-590
Registered office / Register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatic warning messages               https://www.cert.dfn.de/autowarn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/

iEYEARECAAYFAk5fU8QACgkQLn8qYyAllOQsFwCeM15Wf3KHXwrtxss7dHZsS0My
niwAoIw3v81I0k1uZ6Y/XqYxp+NO/gH9
=LJfn
-----END PGP SIGNATURE-----
