[123434] in North American Network Operators' Group


Trojan traffic from 115.100.250.112

daemon@ATHENA.MIT.EDU (Hadas Shany)
Mon Mar 8 09:22:14 2010

From: Hadas Shany <hadas@tehila.gov.il>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 8 Mar 2010 16:21:38 +0200
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Hello NANOG,

Yesterday we found some strange requests in our logs, typical of the Daonol Trojan. According to the logs, the infected computers are sending personal information such as search engine lookups and browsing history. The information is sent to 115.100.250.112.
Log entry for example: GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0..SS:
More information on Daonol Trojan: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol
We've blocked all communication with this address.

Thank you,
Hadas Shany
CERT.GOV ISRAEL
