[prev in list] [next in list] [prev in thread] [next in thread]
List: emerging-sigs
Subject: [Emerging-Sigs] godaddy name server collateral damagement
From: jonkman () jonkmans ! com (Matt Jonkman)
Date: 2009-05-14 16:31:41
Message-ID: 4A0C476D.5010706 () jonkmans ! com
[Download RAW message or body]
Those domaincontrol hosts were listed because they are active Waledac
controllers. Surely compromised or fraudulent hosting accounts. As
listed at Sudosecure.
I'll report them to Godaddy and I'm sure they'll drop them quickly.
They'll then drop out of the compromised list tonight.
Matt
Jack Pepper wrote:
> I am not sure if it's related, but I found this little tidbit while
> dissecting a zeus infection:
>
> This host goes to "godaddy":
> http://www.find-assist.com/search?qg=%20/bnt/bnt.php?zip=Dhh637cd11_0630db15&type=1&name=16843008&q=bnt&item=0&id=0&rdp=0&ref=0&rn=1DGFqqW2QriutQ6&rg=
>
> This host goes to a fake yahoo phishing site:
> http://wwwwp.find-assist.com/search?qg=%20/bnt/bnt.php?zip=Dhh637cd11_0630db15&type=1&name=16843008&q=bnt&item=0&id=0&rdp=0&ref=0&rn=1DGFqqW2QriutQ6&rg=
>
> All the variants I tried for www[a-z]+.find-assist.com resolved to the
> same godaddy site. except wwwwp.find-assist.com .
>
> interesting, eh?
>
> jp
>
>
>
> Quoting Mark Tombaugh <mtombaugh at agilentcorp.com>:
>
> > Are ns21.domaincontrol.com and ns22.domaincontrol.com really
> > compromised? If so, whats the scoop?
> >
> > http://www.emergingthreats.net/rules/emerging-compromised.rules
> >
> >
> > _______________________________________________
> > Emerging-sigs mailing list
> > Emerging-sigs at emergingthreats.net
> > http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> >
>
>
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic