Educause Security Discussion mailing list archives
Re: Phatbot
From: Scott Weeks <sweeks () SANDIEGO EDU>
Date: Fri, 19 Mar 2004 08:49:32 -0800
Hello Everyone, I see there're six IP addresses that the infected machines contact to do their "speed test". I suppose we could just monitor traffic to these addresses to find infected machines? Doing traceroutes to the URLs in the article gives the following list: 131.113.213.132 140.114.72.8 171.67.16.66 207.155.248.63 130.89.1.16 212.227.147.70 Whatcha' think? scott : Another good web site. : http://www.lurhq.com/phatbot.html : http://www.washingtonpost.com/wp-dyn/articles/A444-2004Mar17.html : follows: : Hackers Embrace P2P Concept : Experts Fear 'Phatbot' Trojan Could Lead to New Wave of Spam or : Denial-of-Service Attacks ===== ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Phatbot Kathie Brinkman (Mar 18)
- <Possible follow-ups>
- Re: Phatbot James Moore (Mar 18)
- Re: Phatbot Jeff Birch (Mar 19)
- Re: Phatbot Scott Weeks (Mar 19)
- Re: Phatbot Marty Hoag (Mar 19)
- Re: Phatbot Daniel Medina (Mar 19)
- Re: Phatbot Doug Pearson (Mar 19)
- Re: Phatbot Gary Flynn (Mar 19)
- Re: Phatbot Dr. Tina Bird (Mar 19)
- Re: Phatbot Mike Iglesias (Mar 19)
- Re: Phatbot Brian Eckman (Mar 19)
- Re: Phatbot Mike Iglesias (Mar 19)
- Re: Phatbot Jeff Kell (Mar 19)