Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

drone armies C&C report - Jan/2005

from [Gadi Evron] Network Security [Permanent Link]
Subject: drone armies C&C report - Jan/2005
Date: Sun, 30 Jan 2005 13:43:25 +0200 
Below is a periodic public report from the drone armies / botnets
research and mitigation mailing list.
For this report it should be noted that we base our analysis on the data
we have accumulated from various sources.

According to our incomplete analysis of information we have thus far, we
now publish two reports.


The ISP's that are most often plagued with botnet C&C's (command &
control) are, by the order listed:
----------------------------------
1. AS21844              THEPL-1 THE PLANET
2. AS6517               YIPS Yipes Communications  Inc
3. AS21840              SAGONE Sago Networks
4. AS4766               KIXS-AS-KR Korea Telecom
5. AS5731               ATTW AT&T WorldNet Services
6. AS25761              STAMIN-2 Staminus Communicatio
7. AS30083              SERVE-6 Server4You Inc.

* We would gladly like to establish a trusted relationship with
  these and any organizations to help them in the future.


The Trojan horses most used in botnets:
---------------------------------------
1. Korgobot.
2. SpyBot.
3. Optix Pro.
4. rBot.
5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots,
   etc.).


Contact information:
Hank Nussbacher <hank@mail.iucc.ac.il>
Gadi Evron (as specified below)


--
Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.

gadi@tehila.gov.il
gadi@CERT.gov.il
Office: +972-2-5317890
Fax: +972-2-5317801
http://www.tehila.gov.il

The opinions, views, facts or anything else expressed in this email
message are not necessarily those of the Israeli Government.

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • drone armies C&C report - Jan/2005, Gadi Evron <=
Previous by Date:  Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS), Boren, Rich (SSRT)
Next by Date:  Re[2]: SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, 3APA3A
Previous by Thread:  Security Bulletin - SSRT4875 rev.1 - HP Tru64 UNIX Java (TM) Technology Software Denial of Service (DoS), Boren, Rich (SSRT)
Next by Thread:  [Full-Disclosure] [ GLSA 200501-46 ] ClamAV: Multiple issues, Sune Kloppenborg Jeppesen
Indexes:  [Date] [Thread] [Top] [All Lists]