[nsp-sec] Flashback C&C ?
Mike Tancsa
mike at sentex.net
Mon Apr 16 15:23:32 EDT 2012
I received the email below in our support queue from a CDN gov agency
claiming the hosts below are somehow involved with the Flashback
botnet. Does anyone have any more details about the hosts below?
--------------------------------------
The Canadian Cyber Incident Response Centre (CCIRC) is responsible for
monitoring and providing mitigation advice on cyber threats and
coordinating the national response to cyber security incidents affecting
Canadian Critical Infrastructures.
CCIRC received reports that IP address(es) associated with your
organization may be communicating with the malicious Flashback malware
command and control websites which were recently disabled by cyber
security organizations.
CCIRC recommends your security team locate and investigate any internal
hosts communicating with the destination IPs or URLs listed below.
hxxp://vxvhwcixcxqxd[.]com 91[.]233[.]244[.]102
hxxp://cuojshtbohnt[.]com 91[.]233[.]244[.]102
hxxp://Rfffnahfiywyd[.]com 91[.]233[.]244[.]102
------------------------------------------------------
---Mike
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
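
An added example, not part of the original message: one way to act on the notice's recommendation by refanging the listed indicators and matching them against internal DNS and flow logs. The four-field log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re

# Indicator lines as they appear in the notice above (still defanged).
NOTICE = """\
hxxp://vxvhwcixcxqxd[.]com 91[.]233[.]244[.]102
hxxp://cuojshtbohnt[.]com 91[.]233[.]244[.]102
hxxp://Rfffnahfiywyd[.]com 91[.]233[.]244[.]102
"""

def refang(token):
    """Undo the notice's defanging: '[.]' -> '.', 'hxxp' -> 'http'."""
    return re.sub(r"^hxxp", "http", token.replace("[.]", "."), flags=re.I)

def parse_indicators(text):
    """Return (domains, ips) as sets from 'URL IP' lines; domains lowercased."""
    domains, ips = set(), set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2:
            url, ip = (refang(p) for p in parts)
            domains.add(url.split("://", 1)[-1].split("/")[0].lower())
            ips.add(ip)
    return domains, ips

def find_hits(log_lines, domains, ips):
    """Yield (client, indicator); assumed line form: 'time client DNS|FLOW value'."""
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue
        _, client, kind, value = fields
        name = value.rstrip(".").lower()  # DNS names: case-insensitive, optional root dot
        # Match the listed domain or a subdomain of it, never a mere string suffix.
        if kind == "DNS" and any(name == d or name.endswith("." + d) for d in domains):
            yield client, name
        elif kind == "FLOW" and value in ips:
            yield client, value

# Constructed sample log (not real traffic); indicators are refanged only at runtime.
SAMPLE_LOG = [
    "2012-04-16T10:01:02 10.0.0.15 DNS " + refang("RFFFNAHFIYWYD[.]com."),
    "2012-04-16T10:01:05 10.0.0.22 DNS www.example.com",
    "2012-04-16T10:02:11 10.0.0.15 FLOW " + refang("91[.]233[.]244[.]102"),
    "2012-04-16T10:03:40 10.0.0.31 FLOW 192.0.2.10",
    "2012-04-16T10:04:00 10.0.0.40 DNS " + refang("notcuojshtbohnt[.]com"),
]

if __name__ == "__main__":
    for client, indicator in find_hits(SAMPLE_LOG, *parse_indicators(NOTICE)):
        print(client, "->", indicator)
```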