Hi Phillip,
I did a quick check and could not verify your findings. What I got back was:

SpyEye Tracker :: C&C 41.186.24.58
The Host 41.186.24.58 was not found in the SpyEye Tracker database.

Is this a possible, probable or real threat?

I did find two nice little documents:

http://www.malwareint.com/docs/spyeye-analysis-en.pdf
http://blog.fortinet.com/a-guide-to-spyeye-cc-messages/

that give an overview of SpyEye that was very interesting; no idea how accurate and up to date the information is.

Kind Regards

Peter Atkin (C.T.O)
cfts.co (u) ltd. Get I.T. Right
+256-772-700781 | Skype: peter2cfu
www.cfts.co.ug <http://www.cfts.co/> | location details <http://www.cfts.co/contacts.html> | <http://ug.linkedin.com/in/peteratkin> view my profile

From: [email protected] [mailto:[email protected]] On Behalf Of Phillip Simbwa
Sent: Thursday, June 13, 2013 5:42 PM
To: lug
Subject: [LUG] Zeus Botnet C&C in our neighbourhood

Zeus is one of the most successful financial botnets in the history of botnets. It's very sophisticated and hard to detect, let alone decisively deal with. It has been used to hit mainly financial institutions, but the recent trend is hitting any corporate organization.

Why should you worry? There is a command and control (C&C) server in Rwanda and it's been there since last year.

https://zeustracker.abuse.ch/index.php

The ISP serving this server happens to be MTN Rwandacell. Our UGCERT could start watching for any traffic terminating to that server (IP: 41.186.24.58) just in case that turns out to be the regional C&C.

For the CIOs, check your network logs just in case...

Cheers,
--
- Phillip.

"Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer are in the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it out aynawy."

__________________________________________________________________________________
This e-mail is company confidential and may contain legally privileged information. If you are not the intended recipient, you should not copy, distribute, disclose or use the information it contains. Please e-mail the sender immediately and delete this message from your system. Note: e-mails are susceptible to corruption, interception and unauthorized amendment; we do not accept liability for any such changes, or for their consequences.
_______________________________________________
The Uganda Linux User Group: http://linux.or.ug
Send messages to this mailing list by addressing e-mails to: [email protected]
Mailing list archives: http://www.mail-archive.com/[email protected]/
Mailing list settings: http://kym.net/mailman/listinfo/lug
To unsubscribe: http://kym.net/mailman/options/lug
The Uganda LUG mailing list is generously hosted by INFOCOM: http://www.infocom.co.ug/
The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
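Phillip's suggestion to "check your network logs" for traffic to the tracker-listed address is the kind of check that is easy to script. The following is an added example, not code from either poster or from abuse.ch: it scans netfilter-style firewall log lines for any connection to or from a watchlisted address and reports which internal hosts were involved. The only indicator in the watchlist is the IP quoted in the thread (41.186.24.58); the log lines, the internal addresses and the `WATCHLIST` structure are all constructed for the example and are not real traffic.

```python
"""Flag firewall log lines that touch a watchlisted C&C address.

Added example: scans iptables/netfilter LOG-style lines for any packet whose
SRC or DST is on a watchlist, then summarises the internal hosts involved so
an operator knows which machines to look at.
"""
import ipaddress
import re
from collections import Counter

# Watchlist keyed by address. The only entry is the IP quoted in the thread;
# the label and the dict layout are assumptions for this example.
WATCHLIST = {
    ipaddress.ip_address("41.186.24.58"): "ZeuS C&C (zeustracker.abuse.ch listing)",
}

# Constructed sample log in netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
Jun 13 17:42:01 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=41.186.24.58 PROTO=TCP SPT=51234 DPT=80
Jun 13 17:42:03 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.5.23 DST=93.184.216.34 PROTO=TCP SPT=51235 DPT=443
Jun 13 17:43:10 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.7.8 DST=41.186.24.58 PROTO=TCP SPT=40022 DPT=443
Jun 13 17:44:00 gw kernel: IN=eth0 OUT=eth1 SRC=41.186.24.58 DST=10.0.5.23 PROTO=TCP SPT=80 DPT=51234
Jun 13 17:45:12 gw kernel: IN=eth1 OUT=eth0 SRC=10.0.9.1 DST=8.8.8.8 PROTO=UDP SPT=5353 DPT=53
not a firewall line at all
"""

LINE_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+))?(?: DPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return a dict with src/dst as ip_address objects, or None if unparsable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m.group("src"))
        dst = ipaddress.ip_address(m.group("dst"))
    except ValueError:  # malformed address field; skip rather than crash
        return None
    return {
        "src": src,
        "dst": dst,
        "proto": m.group("proto"),
        "dpt": int(m.group("dpt")) if m.group("dpt") else None,
        "raw": line,
    }


def find_c2_hits(log_text, watchlist=WATCHLIST):
    """Return every parsed record whose SRC or DST is on the watchlist.

    Each hit carries 'direction' ('outbound' when DST matched, 'inbound' when
    SRC matched), 'internal' (the other endpoint) and the watchlist 'label'.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["dst"] in watchlist:
            rec.update(direction="outbound", internal=rec["src"],
                       label=watchlist[rec["dst"]])
            hits.append(rec)
        elif rec["src"] in watchlist:
            rec.update(direction="inbound", internal=rec["dst"],
                       label=watchlist[rec["src"]])
            hits.append(rec)
    return hits


def summarize_hosts(hits):
    """Count hits per internal host, keyed by the address as a string."""
    return Counter(str(h["internal"]) for h in hits)


if __name__ == "__main__":
    found = find_c2_hits(SAMPLE_LOG)
    for h in found:
        print(f"{h['direction']:8} {h['internal']} <-> {h['label']} "
              f"proto={h['proto']} dpt={h['dpt']}")
    print("hosts to triage:", dict(summarize_hosts(found)))
```

The script treats an inbound packet from the listed address as evidence too (the fourth sample line), since a reply from the C&C implies an earlier outbound beacon that may have been logged elsewhere. In practice the watchlist would be loaded from the tracker's export rather than hard-coded, and the same matcher can be pointed at proxy or NetFlow records by adjusting `LINE_RE`.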
