[nsp-sec] Citadel infections 18K
Jaap van Ginkel
J.A.vanGinkel at uva.nl
Thu Mar 14 04:11:56 EDT 2013
On 03/14/2013 09:06 AM, Robert Jonsson wrote:
> Thanks, ACK for Sweden.
Please notice the update I've sent this morning, as I accidentally
slipped in some DNS servers that had traffic to the C&C.
Jaap
>
> Cheers,
>
> Robert
>
> On 3/13/13 8:17 PM, Jaap van Ginkel wrote:
>> ----------- nsp-security Confidential --------
>>
>>
>>
>> Dear Colleagues,
>>
>> We found a Citadel C&C (Proxy) on our network (thanks to
>> Spamhaus).
>>
>> Address C&C: 145.100.104.41 port 80 (proxy for another node)
>> Timezone: GMT+0100
>>
>> For those who want them, I've made a list from the netflow of
>> hosts that contacted the C&C. As it is an infected experimental
>> student machine, it's very unlikely to be legal traffic.
>>
>> For questions you can contact cert at surfnet.nl
>>
>> Jaap
>>
>> _______________________________________________
>> nsp-security mailing list
>> nsp-security at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/nsp-security
>>
>> Please do not Forward, CC, or BCC this E-mail outside of the
>> nsp-security community. Confidentiality is essential for
>> effective Internet security counter-measures.
>> _______________________________________________
>>
>