[83432] in North American Network Operators' Group
zotob C&C servers
daemon@ATHENA.MIT.EDU (Gadi Evron)
Mon Aug 15 14:14:33 2005
Date: Mon, 15 Aug 2005 21:13:56 +0200
From: Gadi Evron <ge@linuxbox.org>
To: nanog list <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu
Hi guys.

Zotob, once infected, connects the machine to a botnet C&C (command &
control) server.

Due to the extremely rapid spread of these worms, here is the C&C
server information that has been confirmed so far:

62.193.233.52:8080
84.244.7.62:8080
204.13.171.157:8080
62.193.233.4:8080
ASN | IP | Responsible Party
-----------------------------------------------------------
12832 | 84.244.7.62 | LYCOS-EUROPE Lycos Europe GmbH
19742 | 204.13.171.157 | MARLIN - Marlin eSourcing Solu
28677 | 62.193.233.52 | AMEN AMEN Network
28677 | 62.193.233.4 | AMEN AMEN Network

For your information and possible follow-up on your networks. This is
spreading so quickly that wider activity is necessary.

For comments back to the drone armies & botnets research and mitigation
mailing list, please go through our new PR team lead, "Fergie (Paul
Ferguson)" <fergdawg@netzero.net>.

Gadi.
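
An added example, not part of the original message: one way to do the follow-up on your own network is to sweep flow records for hosts contacting the listed C&C endpoints. The flow record layout ("epoch src_ip dst_ip dst_port"), the sample records and the 10.x source addresses are constructed assumptions; only the four IP:port pairs come from the message.

```python
import ipaddress
from collections import defaultdict

# C&C endpoints exactly as listed in the message above (IP, destination port).
C2_ENDPOINTS = {
    ("62.193.233.52", 8080),
    ("84.244.7.62", 8080),
    ("204.13.171.157", 8080),
    ("62.193.233.4", 8080),
}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}

# Constructed sample flow records (assumed layout: epoch src_ip dst_ip dst_port).
SAMPLE_FLOWS = """\
1124132000 10.1.4.23 62.193.233.52 8080
1124132015 10.1.4.23 62.193.233.52 8080
1124132040 10.1.9.7 192.0.2.10 80
1124132100 10.2.0.5 204.13.171.157 8080
1124132130 10.2.0.8 62.193.233.4 6667
1124132200 10.1.4.23 62.193.233.40 8080
garbage line
"""

def find_c2_contacts(flow_text):
    """Map each source IP to counts of contacts with the listed C&C hosts.

    "exact" counts flows to a listed IP:port pair; "ip_only" counts flows to a
    listed IP on some other port, which is a weaker lead worth a second look.
    """
    hits = defaultdict(lambda: {"exact": 0, "ip_only": 0, "first": None, "last": None})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            ts, port = int(parts[0]), int(parts[3])
            src = str(ipaddress.ip_address(parts[1]))
            dst = str(ipaddress.ip_address(parts[2]))
        except ValueError:
            continue
        if dst not in C2_IPS:
            continue  # whole-address match, so 62.193.233.40 does not match .4
        rec = hits[src]
        rec["exact" if (dst, port) in C2_ENDPOINTS else "ip_only"] += 1
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits)

if __name__ == "__main__":
    for src, rec in sorted(find_c2_contacts(SAMPLE_FLOWS).items()):
        print(src, rec)
```

Hosts reported with "exact" hits are the ones to isolate and inspect first; the first and last timestamps bound the window to pull from other logs.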