To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hello John,
 The target IP looks to be a webserver (obviously), probably a shared
hosting setup as there is a CPanel interface there. Chances are
someone's virtual host got cracked and is being used for nefarious
purposes.

I recommend contacting the owner of that IP at:
#######################
OrgName:    Network Operations Center Inc.
OrgID:      NOC
Address:    PO Box 591
City:       Scranton
StateProv:  PA
PostalCode: 18501-0591
Country:    US
Comment:    Abuse Dept: [EMAIL PROTECTED]
RegDate:    2001-04-04
Updated:    2003-08-06

AdminHandle: SMA4-ARIN
AdminName:   Arcus, S. Matthew
AdminPhone:  +1-570-343-8551
AdminEmail:  [EMAIL PROTECTED]
######################

If you have the malware files you can run them through "Virus Total"
and "Norman Sandbox" to see what they contain.

enjoy,
bf


On 10/5/06, John Holan <[EMAIL PROTECTED]> wrote:
> Hi
> Killed a Trojan on a workstation that was constantly connecting to
> 66.197.216.149 on port 80
> It uses filenames associated with Backdoor.Haxdoor but they are not
> detected by any AV or anti-spyware software that I have tried.
> Unfortunately I did not trap any of the traffic it generated, only the
> logs, and I am still analyzing them.
> Any suggestions?
>
> More info
>
> 192.168.10.119 Accessed URL
> 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)
> --------------------------------------
> 66.197.216.149/Ffgj3dsw/bsrv.php?
> lang=ENU&
> pal=0&
> bay=0&
> gold=0&
> id=2222&
> param=16661&
> socksport=20454&
> httpport=21219&
> uptimem=51&
> uptimeh=62&
> uid=[5278947655522557439]&
> wm=0&
> ver=88(A)
> -------------------------------------
>
> John
> IS Analyst
>
> _______________________________________________
> To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
> All list and server information are public and available to law enforcement 
> upon request.
> http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
>
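Added example, not written by either poster: a small Python filter for finding other internal hosts that send the same kind of check-in, matching on the query parameter names from the quoted URL rather than on the server address. The single-line log layout, the `MIN_MATCH` threshold and the two extra log entries are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Parameter names taken from the check-in URL quoted in the message.
BEACON_KEYS = {"socksport", "httpport", "uptimem", "uptimeh", "uid", "ver"}
MIN_MATCH = 4  # assumption: four of these names in one request is worth a look

# Assumed log layout: <client> Accessed URL <server>[:]/<path>?<query>
LINE_RE = re.compile(
    r"^(?P<client>\S+) Accessed URL "
    r"(?P<server>[^/\s]+?):?(?P<path>/[^?\s]*)\?(?P<query>\S+)$"
)

def parse_checkin(line):
    """Return the fields of a beacon-like request, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    params = dict(parse_qsl(m.group("query"), keep_blank_values=True))
    if len(BEACON_KEYS & params.keys()) < MIN_MATCH:
        return None
    return {
        "client": m.group("client"),
        "server": m.group("server"),
        "uid": params.get("uid", "").strip("[]"),
        "socksport": params.get("socksport"),
        "httpport": params.get("httpport"),
    }

def summarize(lines):
    """Group beacon-like requests by the internal client that sent them."""
    by_client = defaultdict(list)
    for line in lines:
        hit = parse_checkin(line)
        if hit:
            by_client[hit["client"]].append(hit)
    return dict(by_client)

# Constructed sample: entry 0 is the request quoted in the message; the other
# two are made up (documentation address ranges) to show a miss and a second hit.
SAMPLE_LOG = [
    "192.168.10.119 Accessed URL 66.197.216.149:/Ffgj3dsw/bsrv.php?lang=ENU&pal=0&bay=0&gold=0&id=2222&param=16661&socksport=20454&httpport=21219&uptimem=51&uptimeh=62&uid=[5278947655522557439]&wm=0&ver=88(A)",
    "192.168.10.42 Accessed URL 192.0.2.10/search.php?q=printer+driver&lang=ENU",
    "192.168.10.77 Accessed URL 198.51.100.7/x/gate.php?id=1&socksport=1080&httpport=8080&uptimem=3&uptimeh=0&uid=[1]&ver=1",
]

if __name__ == "__main__":
    for client, hits in summarize(SAMPLE_LOG).items():
        print(client, [(h["server"], h["uid"]) for h in hits])
```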