Saturday, December 13th, 2008 / 996 views

NOC4HOSTS and the Grum Botnet

   

From fireeye.com

NOC4HOSTS and the Grum Botnet

 

Update: As of 12/08, Jay from HiVelocity took the necessary steps to get these Command and Control servers shutdown. The FE research team thanks him and his team profusely for their efforts. Individual verification of customers is nearly impossible for a facility of their size, so we appreciate any efforts they can make after the fact. We’d also like to thank Ross Thomas from SophosLabs and Phil Hay from Marshal TRACE for their research efforts.

 

Yesterday, my colleague Atif was looking at Pushdo/Cutwail, and he found a disturbing number of the C&Cs were hosted at NOC4HOSTS. This isn’t another McColo, but upon further investigation, there does appear to be a higher than average number of botnet controllers and malware hosted there. The is part 1 of an N part series on C&Cs, malware, and exploits hosted at NOC4HOSTS.

 

Continue reading…

Posted by admin on Saturday, December 13th, 2008 at 12:09 am and filed under Security News with tags , . You can leave a response, or trackback from your own site.

Related Articles

    Leave a Reply