[nsp-sec] Citadel infections 18K - ACK: 2119
Helge Aksdal
helge.aksdal at telenor.com
Wed Mar 13 15:47:38 EDT 2013
* Jaap van Ginkel (2013-03-13 20:17):
> ----------- nsp-security Confidential --------
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear Colleagues,
>
> We found a Citadel C&C (Proxy) on our network (thanks to Spamhaus).
>
> Address C&C: 145.100.104.41 port 80 (proxy for another node)
> Timezone: GMT+0100
>
> For those who want them I've made a list from the netflow of hosts
> that contacted the C&C. As it is an infected experimental student
> machine so its very unlikely to be legal traffic
Thanks a lot, and ack for 2119!
--
Helge Aksdal
Telenor
More information about the nsp-security
mailing list