nanog mailing list archives
zotob C&C servers
From: Gadi Evron <ge () linuxbox org>
Date: Mon, 15 Aug 2005 21:13:56 +0200
Hi guys.

Zotob, once infected, connects the machine to a botnet C&C (command & control) server. Due to the extremely rapid spread of these worms, here is the C&C server information that has been confirmed so far:

62.193.233.52:8080
84.244.7.62:8080
204.13.171.157:8080
62.193.233.4:8080

ASN   | IP             | Responsible Party
-----------------------------------------------------------
12832 | 84.244.7.62    | LYCOS-EUROPE Lycos Europe GmbH
19742 | 204.13.171.157 | MARLIN - Marlin eSourcing Solu
28677 | 62.193.233.52  | AMEN AMEN Network
28677 | 62.193.233.4   | AMEN AMEN Network

For your information and possible follow-up on your networks. This is spreading so quickly that wider activity is necessary.
For comments back to the drone armies & botnets research and mitigation mailing list, please go through our new PR team lead, "Fergie (Paul Ferguson)" <fergdawg () netzero net>.
Gadi.