Security Incidents mailing list archives
Win32.Mitglieder.DH epidemy
From: Vsevolod Gavrilenko <gvj () corbina net>
Date: Mon, 28 Nov 2005 15:47:01 +0300
Good afternoon incidents () securityfocus com <incidents () securityfocus com>, Hello. Nowtimes we are expecting a large amount of requests from live and wild botnet under Win32.Mitglieder.DH. We host one of the contact sites (tarkan.ru), so we got about 110K unique requests today on 16:00 MSK. The line looks like: 207.46.50.74 - - [28/Nov/2005:15:39:50 +0300] "GET /images/tst.php?p=1033&id=26912415p HTTP/1.1" 302 302 "-" "fog" Now we are redirecting all these requests to 127.0.0.1 and going to send abuse reports to network owners. -- Vsevolod Gavrilenko mailto:gvj () corbina net Corbina Telecom, tel. +7 095 7284000
Current thread:
- Win32.Mitglieder.DH epidemy Vsevolod Gavrilenko (Nov 28)