First post, hi everybody! -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Dean De Beer wrote: > This site appears to be run by the authors to host their malware. [...] > hxxp://www.ahack.info The IP for www.ahack.info is: 203.202.239.59 According to a simple vhosts query tool I wrote, that IP also hosts these sites: e-gold-exchange.net hook-up-tonight.com ns112233.org liberty-exchange.net ueaconline.com www.ahack.info www.y-press.ru www.serialydvd.ru sarazin.ru pinoc.info sh0p0rtal.com sh0pp0rtal.com www.google-world.biz robotraf.com (mentioned on a slashdot story a couple days ago, about the business of malware) adword.google-gw.info f9i.org stocktraffic.net sweet-mp3.com thebestlog.org ultra-shop.biz google-gw.info Interesting, huh? - -- Arturo "Buanzo" Busleiman Independent Linux and Security Consultant - SANS - OISSG - OWASP http://www.buanzo.com.ar/pro/eng.html Mailing List Archives at http://archiver.mailfighter.net -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIuGjqAlpOsGhXcE0RCqN8AJ94odfmWd9v2C7iScQYKmzOuTAhHQCaAmiL 3Wltkpvn1PFrZpYMOMRAV5A= =T7ql -----END PGP SIGNATURE----- _______________________________________________ botnets@, the public's dumping ground for maliciousness All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets