To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Update to that after I talked to some of the Cox guys, among others, and found out what really happened. I was up late, so not completely connecting the dots. Anyway, what Cox does is they have a gateway host inside that they forward C&C DNS records to, so when I did a dig on the host I got that IP, so I assumed that it was based out of Cox, even though it was out of Brazil.

How I connected to the right host is I was using Tor. Anyway, the setup they have on the gateway is very cool and I would explain more about how it works, but I'll let them speak up if they want to.

Kyle

Kyle Lutze wrote:
> Cox has been notified, I am awaiting their reply.
>
> FYI, quite a few hunters are gathering in #shadowserver on freenode to
> chat and hunt of course. Please join if you want to stay updated on the
> latest
>
> Kyle
>
> Nepenthes Development Team wrote:
>
>> I'm not sure if some got already mentioned
>>
>> 1)
>>
>> nepenthes-a30ddbb3d3e45b0f5bf6c63e26dc13c9-Sound.exe : [SANDBOX]
>> contains a security risk - W32/Spybot.gen6 (Signature: W32/SDBot.YNE)
>>  * MD5 hash: a30ddbb3d3e45b0f5bf6c63e26dc13c9.
>>  [ Network services ]
>>  * Looks for an Internet connection.
>>  * Connects to "reptile.locean-indien.com" on port 6667 (TCP).
>>  * Connects to IRC server.
>>  * IRC: Uses nickname NeT803400248.
>>  * IRC: Uses username htpserldooa.
>>  * IRC: Joins channel ##Rx-AsN## with password #Rx-AsN#.
>>  * IRC: Sets the usermode for user NeT803400248 to -x+iB.

_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
