Oh how cute.  After a break yesterday AM, the "assault" resumed.  One new actor
is from abuser.eu.  My guess is that's an official site that is investigating
the malware, as the registration info is impossibly brief:

$ whois abuser.eu

  Domain: abuser.eu

  Registrant:
          NOT DISCLOSED!
          Visit www.eurid.eu for webbased whois.

  Onsite(s):
          NOT DISCLOSED!
          Visit www.eurid.eu for webbased whois.

  Registrar:
          Name: InterNetworX Ltd. & Co. KG
          Website: www.inwx.eu

  Name servers:
          ns2.afraid.org
          ns3.afraid.org
          ns4.afraid.org
          ns1.afraid.org

  Please visit www.eurid.eu for more info.

Over at www.eurid.eu, their response includes:

   abuser.eu: Not available for registration

  You are the holder of this domain name

  If the registrant data for your .eu domain name is inaccurate, please contact 
your registrar (the organisation displayed below) to update your data.

...

Oh - that's just boilerplate and probably prints on all queries as it continues 
with:

  You are not the holder of this domain name

  If you believe you have the right to a .eu domain name that is already 
registered by someone else, you may dispute the registration.

...

Sigh.  At least whatever it is isn't spreading quickly, so it remains
not a big deal.  I'm surprised there's little to find on Google.

Lloyd Kvam sent me Email to say he hasn't seen this traffic, so perhaps
its reach is limited at the moment.

  -Ric

-- 
r...@wermenh.com                http://WermeNH.com/
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
