[nsp-sec] Citadel infections 18K
Ryan Pavely
paradox at corp.nac.net
Thu Mar 14 11:38:07 EDT 2013
Ack 8001
Ryan Pavely
Title not found
Net Access Corporation
http://www.nac.net/
On 3/13/2013 3:17 PM, Jaap van Ginkel wrote:
> ----------- nsp-security Confidential --------
>
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dear Colleagues,
>
> We found a Citadel C&C (Proxy) on our network (thanks to Spamhaus).
>
> Address C&C: 145.100.104.41 port 80 (proxy for another node)
> Timezone: GMT+0100
>
> For those who want them I've made a list from the netflow of hosts
> that contacted the C&C. As it is an infected experimental student
> machine so it's very unlikely to be legal traffic.
>
> For questions you can contact cert at surfnet.nl
>
> Jaap
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iEYEARECAAYFAlFA0LAACgkQtKCv03oMKPrOaQCgzahvX/uY8Rz8YxyebCosXtUs
> R14AoPv1nTODvmZMOICy5nOnQXjU0l9f
> =miuB
> -----END PGP SIGNATURE-----
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________