[nsp-sec] Citadel infections 18K
Beth Young
youngba at ren-isac.net
Thu Mar 14 11:50:24 EDT 2013
ACK for
104 | 198.11.27.35 | COLORADO-AS - University of Colorado at Boulder
On 3/14/2013 3:11 AM, Jaap van Ginkel wrote:
> ----------- nsp-security Confidential --------
>
> On 03/14/2013 09:06 AM, Robert Jonsson wrote:
>> Thanx, ACK for Sweden.
>
>
> Please notice the update I've sent this morning as I accidentally
> slipped in some DNS servers that had traffic to the C&C
>
>
> Jaap
>
>> Cheers,
>
>> Robert
>
>> On 3/13/13 8:17 PM, Jaap van Ginkel wrote:
>>> ----------- nsp-security Confidential --------
>>>
>>>
>>>
>>> Dear Colleagues,
>>>
>>> We found a Citadel C&C (Proxy) on our network (thanks to
>>> Spamhaus).
>>>
>>> Address C&C: 145.100.104.41 port 80 (proxy for another node)
>>> Timezone: GMT+0100
>>>
>>> For those who want them I've made a list from the netflow of
>>> hosts that contacted the C&C. As it is an infected
>>> experimental student machine so it's very unlikely to be legal
>>> traffic
>>>
>>> For questions you can contact cert at surfnet.nl
>>>
>>> Jaap
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________ nsp-security
>>> mailing list nsp-security at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/nsp-security
>>>
>>> Please do not Forward, CC, or BCC this E-mail outside of the
>>> nsp-security community. Confidentiality is essential for
>>> effective Internet security counter-measures.
>>> _______________________________________________
>>>
- --
Beth Young, CISSP
soc at ren-isac.net
http://www.ren-isac.net
24x7 Watch Desk +1(317)278-6630