[nsp-sec] Botnet takedown - Chinese SSH Brute Force
Peter Peters
P.G.M.Peters at utwente.nl
Thu Apr 9 11:30:05 EDT 2015
Wentworth, Brett wrote on 08-04-2015 19:52:
> Further details can be found in the attached report (some of the IPs have changed but the behavior is the same):
> http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html
> https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
Does
http://blog.level3.com/security/breaking-botnets-how-level-3-and-cisco-worked-together-to-improve-the-internets-security-and-stop-sshpsychos/
reference the same botnet? I see the same IP addresses appear.
--
Peter Peters | Security manager, coordinator Kwaliteitszorg |
Universiteit Twente | ICT-Servicecentrum | ICTS Regie |
T: 053 489 2301 | www.utwente.nl/icts | www.utwente.nl/itsecurity
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20150409/9b88370e/attachment.sig>
More information about the nsp-security
mailing list