To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi

Already taken care of. I also reported / sent the files to the different AV companies and so on.
The web server does not respond like it did before. So it indicates that the service for it is dead.
What is amazing though for me is the difference in response from the different AV companies.
Thanks for all the responses I have got.

John Holan
IS Analyst
ASTAC
Phone # (907)563-3989
Fax # (907)563-1932

-----Original Message-----
From: bf [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 10, 2006 9:15 AM
To: John Holan
Cc: [email protected]
Subject: Re: [botnets] New Botnet or what

Hello John,

The target IP looks to be a webserver (obviously), probably a shared hosting setup as there is a CPanel interface there. Chances are someone's virtual host got cracked and is being used for nefarious purposes. I recommend contacting the owner of that IP at:

#######################
OrgName: Network Operations Center Inc.
OrgID: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US
Comment: Abuse Dept: [EMAIL PROTECTED]
RegDate: 2001-04-04
Updated: 2003-08-06
AdminHandle: SMA4-ARIN
AdminName: Arcus, S. Matthew
AdminPhone: +1-570-343-8551
AdminEmail: [EMAIL PROTECTED]
######################

If you have the malware files you can run them through "Virus Total" and "Norman Sandbox" to see what they contain.

enjoy,
bf

On 10/5/06, John Holan <[EMAIL PROTECTED]> wrote:
> Hi
> Killed a Trojan on a workstation that was constantly connecting to
> 66.197.216.149 on port 80.
> It uses filenames associated with Backdoor.Haxdoor but they are not
> detected by any AV or anti-spyware software that I have tried.
> Unfortunately I did not trap any of the traffic it generated, only the
> logs. And I am still analyzing them.
> Any suggestions?
>
> More info
>
> 192.168.10.119 Accessed URL
> 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)
> --------------------------------------
> 66.197.216.149/Ffgj3dsw/bsrv.php?
> lang=ENU&
> pal=0&
> bay=0&
> gold=0&
> id=2222&
> param=16661&
> socksport=20454&
> httpport=21219&
> uptimem=51&
> uptimeh=62&
> uid=[5278947655522557439]&
> wm=0&
> ver=88(A)
> -------------------------------------
>
> John
> IS Analyst

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
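
Added example, not part of the original thread and not code from any of the posters: a small triage script that scans access-log lines in the "Accessed URL" layout quoted above and pulls out requests carrying the same query parameter set, so other workstations making the same check-in can be found. The function names, the min_match threshold and the second and third sample lines are assumptions of this example.

```python
import re
from urllib.parse import parse_qs

# Parameter names copied from the request quoted in the thread. Treating
# "at least min_match of them present" as a hit is this example's own heuristic.
BEACON_KEYS = {"lang", "pal", "bay", "gold", "id", "param", "socksport",
               "httpport", "uptimem", "uptimeh", "uid", "wm", "ver"}

# Line layout as shown in the post: "<client> Accessed URL <host>:/<path>?<query>"
LINE_RE = re.compile(
    r"^(?P<client>\d{1,3}(?:\.\d{1,3}){3}) Accessed URL "
    r"(?P<host>[^/:\s]+):?(?P<path>/[^?\s]*)\?(?P<query>\S+)$")

def parse_line(line):
    """Split one log line into client, destination, path and query parameters."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    params = {k: v[0] for k, v in
              parse_qs(m["query"], keep_blank_values=True).items()}
    return {"client": m["client"], "dest": m["host"],
            "path": m["path"], "params": params}

def to_port(value):
    # Valid TCP port number, or None for junk values.
    ok = value.isascii() and value.isdigit() and 0 < int(value) < 65536
    return int(value) if ok else None

def find_checkins(lines, min_match=10):
    """Return one record per line whose query carries the check-in parameter set."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or len(rec["params"].keys() & BEACON_KEYS) < min_match:
            continue
        p = rec["params"]
        hits.append({"client": rec["client"], "dest": rec["dest"],
                     "path": rec["path"], "ver": p.get("ver"),
                     "uid": p.get("uid", "").strip("[]"),
                     "socksport": to_port(p.get("socksport", "")),
                     "httpport": to_port(p.get("httpport", ""))})
    return hits

SAMPLE_LOG = [
    # Line 1 is the request from the post, unwrapped; lines 2-3 are constructed.
    "192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0"
    "&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51"
    "&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)",
    "192.168.10.50 Accessed URL www.example.com:/search.php?lang=ENU&id=7&q=printer",
    "192.168.10.50 connection reset",
]
```

Each hit lists the client, the destination and the socksport/httpport values from the request, which a responder can compare against listening ports on that workstation.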
