[nsp-sec] ACK224 Re: Citadel infections 18K

Rune Sydskjør rune.sydskjor at uninett.no
Fri Mar 15 03:39:57 EDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks!
ACK 224.

Regards,
Rune Sydskjør, UNINETT CERT


On 03/13/2013 08:17 PM, Jaap van Ginkel wrote:
> ----------- nsp-security Confidential --------
> 
> 
> 
> Dear Colleagues,
> 
> We found a Citadel C&C (Proxy) on our network (thanks to
> Spamhaus).
> 
> Address C&C:  145.100.104.41 port 80  (proxy for another node) 
> Timezone:   GMT+0100
> 
> For those who want them I've made a list from the netflow of hosts 
> that contacted the C&C. As it is an infected experimental student 
> machine, it's very unlikely to be legal traffic.
> 
> For questions you can contact cert at surfnet.nl
> 
> Jaap
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iD8DBQFRQtBNRY0ei6C6y0kRAgxUAJ9/7jT2DABQsIgXfs29fCKcz1OGjQCeJFPr
VJ97RTFoeNicTtja+pTIUtA=
=A3m0
-----END PGP SIGNATURE-----


