[nsp-sec] Citadel infections 18K

Robert Jonsson robert.jonsson at cert.se
Thu Mar 14 04:06:03 EDT 2013


Thanks, ACK for Sweden.

Cheers,

Robert

On 3/13/13 8:17 PM, Jaap van Ginkel wrote:
> ----------- nsp-security Confidential --------
> 
> 
> 
> Dear Colleagues,
> 
> We found a Citadel C&C (Proxy) on our network (thanks to Spamhaus).
> 
> Address C&C:  145.100.104.41 port 80  (proxy for another node)
> Timezone:   GMT+0100
> 
> For those who want them, I've made a list from the netflow of hosts
> that contacted the C&C. As it is an infected experimental student
> machine, it's very unlikely to be legal traffic.
> 
> For questions you can contact cert at surfnet.nl
> 
> Jaap
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
> 

-- 
Robert Jonsson
CERT-SE

Mobile: +46 73 412 26 33
Mailto: robert.jonsson at cert.se

Post address: MSB/CERT-SE, Fleminggatan 14, 111 22 Stockholm
Office address: MSB/CERT-SE, Fleminggatan 14, 111 22  Stockholm
CERT-SE Duty Officer: +46 8 678 5799
CERT-SE Mailto: cert at cert.se
Operator: +46 771 240 240
Fax: +46 706 104 711


PGP-Key: https://www.cert.se/robert.jonsson_at_sitic.se.asc
PGP-Fingerprint: 4ADA 22C7 5EBA E90E 3175 6CEC D434 9452 160F C68E

