[nsp-sec] [EGI-20120419-01] Linux botnet with IRC C&C
Tim Wilde
twilde at cymru.com
Tue Apr 24 09:45:03 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 4/24/2012 7:06 AM, Serge Droz wrote:
> ----------- nsp-security Confidential --------
>
> Hello List,
>
> On of our customer discovered a breaking where where the unix
> hosts where turned in to drones. The write up is below
>
> @Team Cymru: Could you take that the CCs into your feeds
Serge,
Thanks for sending this along! king.changeip.org and 64.184.96.7
added to the DNSRR and DDoS-RS respectively. kingofkings.compress.to
and its current IP were already there.
Thanks,
Tim
- --
Tim Wilde, Software Engineer, Team Cymru, Inc.
twilde at cymru.com | +1-847-378-3333 | http://www.team-cymru.org/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBAgAGBQJPlq5eAAoJED1BdOFPDWdbGwsQAN56J4mjFTaHxjOkFeMKFJXM
CRyIpKqJOHxK9Ps1l6fgQJklgqQKPnFJ0mf2kPYk5w6iHSdAe0QD0oy5e4BPbhWl
1T22xwhhafl04b4a6oBdxmYwSDDbqq8HW/Jgpl78LQvV6k9dlFgmMe15ACJAkAOt
qY3vXcZ2DeN30C6tFkDU4M3o/NAnpHkS0gJvWz3mx8vYCMqsbYeBMdOjZzIdKNCb
blPwaGSrW862rxCUFApuxK2CP+TKepCfB7bIt60w9mbkwWA7O1tRjDBJrv3l9lgH
iG4re0apk2d9qKlD/l89BymAQLjmAJdRAfRcNmQ94HIiFpBNnnW6TOL1vZBaS55T
bS43PS7MPcI3wg7argWVj78O8o+Njo0JASOb6CDi43EjhwJT3SSJXPWEA3lQWFG/
fIcvwVw0xTTaXzlOPNieSk+dHhCYOM4J81Th9tKtt45unMWo9aki90dc448Yzj6n
hsISkgWjqnGHpZ+W2Y/424hG+Z94KqWgbSZpjF6crc1N3dVTrAnu99P+k8eou92B
qTiTzByP2RxpyL60JWtbJmF+jVVZy6iRa+sS3ZW97V5l7MRqbICK1eJ6N/JoBFB9
NL0fFPg5527EtLjCNIN67sltPHABzkmp0plHiPPYv6Eyw6zxgPEKX1i9LdeG0IpK
Hf1Gd/Xz+XF4Fdpv+D1t
=NXuq
-----END PGP SIGNATURE-----
More information about the nsp-security
mailing list