Re: [botnets] New Storm variant

2008-01-07 Thread Adriel Desautels
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
--
John,
	I may know some people in Russia that can help. What would you like me 
to request?


Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45

---
Netragard, LLC - http://www.netragard.com  -  We make IT Safe
Penetration Testing, Vulnerability Assessments, Website Security


John Draper wrote:

Richard Cox wrote:

The new instance of the Storm worm launched on Christmas Eve is already
having a major impact (see http://www.spamhaus.org/news.lasso?article=624)

Whoever planned this worm attack was clever - he ran all his malware
domains (which the victims click on to download their greetings cards
- aka trojans) on fast-flux (botnet) hosting, relying on the Russian
ccTLD (nic.ru) to do the updates.  Unfortunately for all of us, nic.ru
is closed for Christmas and New Year - not returning until January 9th.

Many people have tried to contact nic.ru, both by telephone (during their
advertised opening times) and by email but nic.ru do not reply.  Ten more
days of infection - at the very least - will get that guy one huge botnet
and I know I don't need to mention what that sort of power could do.

If anyone DOES know of an emergency process to contact nic.ru, could
they either use it, post it here, and/or mail me directly with it?

Thanks - and seasonal greetings all round!

Best regards

  

Darn - my last Russian contact left the country last year...  Don't know
anyone who lives in Moscow anymore or I would have them physically
go to where they are and contact them...

Also, calling Russian ISPs (assuming you get around the language barrier)
can be daunting...  VoIP and other cheap means to call Russia aside, it is
still rather difficult.

Also, I hear a lot of Russian ISPs are on the take and cater to a
lot of fraud and other activities...

Good luck in your venture...  and find someone who speaks fluent Russian for
starters...

John
___
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets


Re: [botnets] New Storm variant

2008-01-07 Thread Steven Adair

Adriel,

The quick goal would be to get them (nic.ru) to suspend the 15 domains that are 
currently active:

If I missed one, please feel free to add it.  Other than that, the goal I 
suppose would be to have more open communication with them, as it seems no one 
is getting a response back.  I know I haven't received one.

Steven



Re: [botnets] New Storm variant

2008-01-07 Thread Steven Adair

Hi Chato,

These two domains are part of the original 13 that were registered with 
ESTDOMAINS (not nic.ru) and they should currently all be in a suspended state.

Steven

On Tue, 08 Jan 2008 00:24:20 +0100, Chato H. Flores [EMAIL PROTECTED] wrote:
 
 I add two domains to the list:
 
 ptowl.com
 yxbegan.com
 
 
 Best regards,
 
 Chato Flores
 
 
 
 


Re: [botnets] DDoS we've seen last weekend

2008-01-07 Thread John Draper
Konstantin Barinov wrote:

 

 Hello!

 FYI.

 One of our customers with a .ro site was under DDoS this weekend. Attack 
 was incoming from more than 3.5M unique IP addresses, all from 
 different C classes.

 -- 
 --
 Konstantin Barinov

 

Must be another Spammers War - sometimes they erupt - I hate it when 
that happens...  Just a power struggle among the Bot Herders fighting 
each other.

Change your IP and DNS - it's about all you can do - until it Blows over.

John