drone armies C&C report - Jan/2005

From: Gadi Evron (gadi_at_tehila.gov.il)
Date: 01/30/05

    Date: Sun, 30 Jan 2005 13:43:25 +0200
    To: bugtraq@securityfocus.com
    
    

    Below is a periodic public report from the drone armies / botnets
    research and mitigation mailing list.
    For this report it should be noted that we base our analysis on the data
    we have accumulated from various sources.

    According to our incomplete analysis of information we have thus far, we
    now publish two reports.

    The ISPs that are most often plagued with botnet C&Cs (command &
    control) are, in the order listed:
    ----------------------------------
    1. AS21844 THEPL-1 THE PLANET
    2. AS6517 YIPS Yipes Communications Inc
    3. AS21840 SAGONE Sago Networks
    4. AS4766 KIXS-AS-KR Korea Telecom
    5. AS5731 ATTW AT&T WorldNet Services
    6. AS25761 STAMIN-2 Staminus Communicatio
    7. AS30083 SERVE-6 Server4You Inc.

    * We would gladly like to establish a trusted relationship with
       these and any organizations to help them in the future.

    The Trojan horses most used in botnets:
    ---------------------------------------
    1. Korgobot.
    2. SpyBot.
    3. Optix Pro.
    4. rBot.
    5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots,
        etc.).

    Contact information:
    Hank Nussbacher <hank@mail.iucc.ac.il>
    Gadi Evron (as specified below)

    -- 
    Gadi Evron,
    Information Security Manager, Project Tehila -
    Israeli Government Internet Security.
    Ministry of Finance, Israel.
    gadi@tehila.gov.il
    gadi@CERT.gov.il
    Office: +972-2-5317890
    Fax: +972-2-5317801
    http://www.tehila.gov.il
    The opinions, views, facts or anything else expressed in this email
    message are not necessarily those of the Israeli Government.
    
