[nsp-sec] Citadel infections 18K

Jaap van Ginkel J.A.vanGinkel at uva.nl
Wed Mar 13 15:17:04 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear Colleagues,

We found a Citadel C&C (Proxy) on our network (thanks to Spamhaus).

Address C&C:  145.100.104.41 port 80  (proxy for another node)
Timezone:   GMT+0100

For those who want them I've made a list from the netflow of hosts
that contacted the C&C. As it is an infected experimental student
machine, it's very unlikely to be legal traffic.

For questions you can contact cert at surfnet.nl

Jaap


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlFA0LAACgkQtKCv03oMKPrOaQCgzahvX/uY8Rz8YxyebCosXtUs
R14AoPv1nTODvmZMOICy5nOnQXjU0l9f
=miuB
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: citadel-OS3-AS.zip
Type: application/zip
Size: 246357 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20130313/f07336d5/attachment-0001.zip>

