[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070112164651.64234.qmail@cgisecurity.net>
Date: Fri, 12 Jan 2007 11:46:51 -0500 (EST)
From: bugtraq@...security.net
To: ge@...uxbox.org (Gadi Evron)
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Web Honeynet Project: announcement,
The Web Application Security Consortium is also doing such a project at
http://www.webappsec.org/projects/honeypots/ . May be worthwhile to share data perhaps?
- zeno
http://www.cgisecurity.com/ Web Application Security news, and more
http://www.cgisecurity.com/index.rss [Security RSS Feed]
>
> [ Warning: this email message includes links to live web server malware
> propagated this Wednesday via file inclusions exploits. These links are
> not safe! ]
>
> Hello.
>
> The newly formed Web Honeynet Project from SecuriTeam and the ISOTF will
> in the next few months announce research on real-world web server attacks
> which infect web servers with:
> Tools, connect-back shells, bots, downloaders, malware, etc. which are all
> cross-platform (for web servers) and currently exploited in the wild.
>
> The Web Honeynet Project will, for now, not deal with the regular SQL
> injection and XSS attacks every web security expert loves so much, but
> just with malware and code execution attacks on web servers and hosting
> farms.
>
> These attacks form botnets constructed from web servers (mainly IIS and
> Apache on Linux and Windows servers) and transform hosting farms/colos to
> attack platforms.
>
> Most of these "tools" are being injected by (mainly) file inclusion
> attacks against (mainly) PHP web applications, as is well known and
> established.
>
> PHP (or scripting) shells, etc. have been known for a while, as well as
> file inclusion (or RFI) attacks, however, mostly as something secondary
> and not much (if any - save for some blogs and a few mailing list posts a
> year ago) attention was given to the subject other than to the
> vulnerabilities themselves.
>
> The bad guys currently exploit, create botnets and deface in a massive
> fashion and force ISPs and colos to combat an impossible situation where
> any (mainly) PHP application from any user can exploit entire server
> farms, and where the web vulnerability serves as a remote exploit to be
> followed by a local code execution one, or as a direct one.
>
> What is new here is the scale, and the fact we now start engaging the bad
> guys on this front (which so far, they have been unchallenged on) -
> meaning aside for research, the Web Honeynet Project will also release
> actionable data on offensive IP addresses, URLs and on the tools
> themselves to be made available to operational folks, so that they can
> mitigate the threat.
>
> It's long overdue that we start the escalation war with web server
> attackers, much like we did with spam and botnets, etc. years ago. Several
> folks (and quite loudly - me) have been warning about this for a while,
> not it's time to take action instead of talk. :)
>
> Note: Below you can find sample statistics on some of the Web Honeynet
> Project information for this last Wednesday, on file inclusion attacks
> seeding malware.
> You will likely notice most of these have been taken care of by now.
>
> The first research on the subject (after looking into several hundred such
> tools) will be made public in the February edition of the Virus Bulletin
> magazine, from:
> Kfir Damari, Noam Rathaus and Gadi Evron (yours truly).
>
> The SecuriTeam and ISOTF Web Honeynet Project would like to thank
> Beyond Security ( http://www.beyondsecurity.com ) for all the support.
>
> Special thanks (so far) to: Ryan Carter, Randy Vaughn and the rest of the
> new members of the project.
>
> For more information on the Web Honeynet Project feel free to contact me.
>
> Also, thanks for yet others who helped me form this research and
> operations hybrid project (you know who you are).
>
> Gadi.
>
> Sample report and statistics (for Wednesday the 10th of January, 2007):
>
> IP | Hit Count | Malware (Count), ... |
> 195.225.130.118 | 12 | http://m embers.lycos.co.uk/onuhack/cmd1.do? (4),
> http://m embers.lycos.co.uk/onuhack/injek.txt? (6),
> http://m embers.lycos.co.uk/onuhack/cmd.do? (2),
> 69.93.147.242 | 11 | http://w
> ww.clubmusic.caucasus.net/administrator/cmd.gif?
> (1), http://c lubmusic.caucasus.net/administrator/cmd.gif? (4),
> http://w ww.ucanartists.org/components/com_extcalendar/cmd.gif? (5),
> http://t bchat.caucasus.net/cmd.gif? (1),
> 216.22.3.11 | 8 | http://h eidi.by.ru/cmdi.txt? (7),
> http://h eidiz.by.ru/cmdi.txt? (1),
> 62.149.36.116 | 8 |
> http://w ww.fc-magdeburg.de/jscripts/tiny_mce/plugins/pic.gif?? (3),
> http://w ww.discoverchimpanzees.org/blog/sendit.jpg?? (2),
> http://u bk.no-ip.biz/shine.jpg?? (1),
> http://w ww.sle.br/polvo2/script/ftv3doc.gif?? (1),
> http://w ww.sle.br/polvo2/css/css.gif?? (1),
> 85.25.148.178 | 7 | h ttp://213.133.108.122/alex.gif? (1),
> http://c lubmusic.caucasus.net/Administrator/cmd.gif? (5),
> http://w ww.ucanartists.org/components/com_extcalendar/cmd.gif? (1),
> 69.13.6.170 | 7 | http://c ajem.by.ru/cmd.gif? (3),
> http://k ama.opensolarisproject.com/phpBB2/files/cmd.gif? (1),
> http://s upsup.by.ru/cmd.gif? (2), http://w
> ww.bhlynx.org/htdig/sad.gif? (1),
> 201.63.179.122 | 7 | http://d arkhand.netfast.org/list.txt??? (2),
> http://w ww.locman.net/Guide/vkod/list.txt?? (3), http://g
> odarmy.net/cmd.txt??
> (1), http://c hapolin.by.ru/cmds/list.txt? (1),
> 219.67.171.131 | 7 | http://i ntra/ (7),
> 193.39.119.174 | 6 | http://w ww.sirmet.it/pronti/cmd.txt?? (1),
> http://w ww.overclockers.pl/images/r57.gif? (1),
> http://w
> ww.rldiseno.com/administrator/components/com_remository/morgancmd.gif?
> (1), http://v irtual.uarg.unpa.edu.ar/myftp/list.txt? (1),
> http://w ww.sirmet.it/pronti/cmd.txt? (1),
> http://v irtual.uarg.unpa.edu.ar/myftp/list.txt?? (1),
> 80.74.142.173 | 6 | http://7 2.232.231.10/~superbr/tk.txt?? (1),
> http://t hebesthack.altervista.org/soka.txt? (2),
> http://m rmorte.by.ru/r57.swf?&add=bot (1),
> http://w ww.bhlynx.org/htdig/UPLOADING/full.gif? (2),
>
> Statistics:
> IP Count (Unique): 11
> Hit Count: 79 (from same IP: 86.08%)
>
>
> Malware | Hit Count | IPs (Count), ... |
> cmd.gif | 279 | 69.93.147.242 (11), 85.25.148.178 (6), 69.13.6.170 (6),
> 211.174.52.20 (4), 205.234.146.49 (4), 85.25.7.109 (3), 201.9.252.67 (3),
> 204.157.9.185 (3), 216.46.205.101 (3), 70.86.237.202 (3), 66.228.211.16
> (3),
> 206.225.82.46 (3), 213.192.241.44 (3), 82.208.181.122 (2), 64.34.203.104
> (2),
> 216.104.149.111 (2), 201.19.41.223 (2), 140.138.2.234 (2), 82.194.78.30
> (2),
> 151.8.228.196 (2), 82.194.70.92 (2), 66.111.45.130 (2), 202.8.87.197 (2),
> 194.30.160.101 (2), 83.149.84.184 (2), 83.65.141.130 (2), 70.84.49.42 (2),
> 203.146.247.79 (2), 212.34.138.206 (2), 72.22.90.219 (2), 216.16.246.240
> (2),
> 195.214.44.149 (2), 193.84.250.29 (2), 130.94.69.17 (2), 216.174.97.241
> (2),
> 202.5.195.7 (2), 201.9.216.138 (2), 62.149.140.17 (2), 213.202.247.177
> (2),
> 66.249.137.127 (2), 69.31.45.194 (2), 65.98.67.250 (2), 200.32.5.203 (2),
> 62.152.64.210 (2), 81.169.155.146 (2), 62.75.247.5 (2), 201.50.166.11 (2),
> 62.103.159.219 (1), 82.165.181.50 (1), 201.19.27.135 (1), 200.62.64.1 (1),
> 84.191.92.243 (1), 72.21.56.226 (1), 193.93.22.78 (1), 65.111.169.4 (1),
> 205.234.105.84 (1), 81.169.176.252 (1), 208.53.170.148 (1), 87.253.128.30
> (1), 148.244.125.3 (1), 216.22.24.29 (1), 216.237.124.82 (1),
> 82.79.190.155
> (1), 216.55.155.27 (1), 69.64.34.14 (1), 193.189.139.51 (1), 62.149.36.24
> (1), 62.193.237.34 (1), 212.227.127.183 (1), 203.22.204.167 (1),
> 201.19.33.183 (1), 202.75.40.172 (1), 62.213.96.213 (1), 69.26.178.141
> (1),
> 66.62.91.188 (1), 65.98.24.42 (1), 62.90.247.53 (1), 213.190.10.170 (1),
> 195.225.196.213 (1), 81.33.30.22 (1), 202.75.48.81 (1), 201.27.130.105
> (1),
> 80.86.83.26 (1), 201.8.170.227 (1), 195.117.34.114 (1), 209.200.229.90
> (1),
> 204.157.11.179 (1), 203.150.230.119 (1), 194.135.81.25 (1),
> 213.171.206.174
> (1), 69.9.37.130 (1), 201.19.41.150 (1), 201.238.227.107 (1), 72.36.228.18
> (1), 80.32.187.191 (1), 205.234.190.102 (1), 203.130.242.71 (1),
> 193.165.77.26 (1), 172.178.51.210 (1), 200.42.92.84 (1), 65.110.9.76 (1),
> 62.193.238.124 (1), 84.19.176.212 (1), 85.13.128.214 (1), 66.199.183.131
> (1),
> 217.156.103.28 (1), 212.227.127.159 (1), 64.239.45.44 (1), 70.84.183.130
> (1),
> 70.84.178.34 (1), 83.243.43.98 (1), 189.141.43.211 (1), 65.254.50.114 (1),
> 70.85.230.210 (1), 85.25.134.185 (1), 64.66.120.30 (1), 216.32.67.66 (1),
> 195.140.142.111 (1), 200.217.200.13 (1), 80.190.243.85 (1), 200.21.85.98
> (1),
> 201.9.214.114 (1), 194.177.128.241 (1), 201.19.41.112 (1), 82.192.67.66
> (1),
> 81.169.177.159 (1), 208.53.170.15 (1), 72.29.93.179 (1), 64.118.85.15 (1),
> 61.64.159.247 (1), 213.188.35.62 (1), 72.36.229.154 (1), 193.238.106.20
> (1),
> 198.173.64.81 (1), 62.193.238.72 (1), 203.162.202.137 (1), 208.49.83.50
> (1),
> 82.150.135.90 (1), 201.9.192.32 (1), 204.157.10.95 (1), 70.84.86.122 (1),
> 85.221.229.18 (1), 81.88.17.101 (1), 209.112.56.11 (1), 67.19.48.116 (1),
> 193.109.252.107 (1), 205.234.252.143 (1), 65.254.139.52 (1), 62.75.177.72
> (1), 82.165.177.145 (1), 201.19.24.185 (1), 8.6.223.5 (1), 213.115.183.36
> (1), 205.205.189.1 (1), 212.227.119.154 (1), 85.12.17.242 (1),
> 212.204.213.31
> (1), 212.97.96.139 (1), 195.34.78.100 (1), 201.19.43.137 (1),
> 62.193.228.59
> (1), 66.232.114.230 (1), 216.193.201.201 (1), 200.101.93.29 (1),
> 69.56.245.170 (1), 66.201.119.2 (1), 81.182.246.8 (1), 194.145.200.200
> (1),
> 202.188.124.52 (1), 62.193.216.17 (1), 213.251.172.103 (1), 66.36.240.45
> (1),
> 217.160.226.5 (1), 212.241.192.85 (1), 65.19.139.183 (1), 69.73.175.50
> (1),
> 193.138.206.126 (1), 74.52.220.58 (1), 66.226.74.90 (1), 72.232.9.238 (1),
> 83.143.85.50 (1), 64.76.24.214 (1), 202.158.89.67 (1), 12.6.95.21 (1),
> 217.160.226.2 (1), 82.195.230.142 (1), 64.20.50.35 (1), 70.85.221.154 (1),
> 72.36.179.162 (1), 212.227.96.202 (1), 64.91.255.130 (1), 209.160.32.106
> (1),
> 209.59.163.222 (1), 213.186.34.130 (1), 216.227.215.62 (1), 201.9.209.49
> (1),
> 72.29.64.229 (1), 200.162.196.214 (1), 213.247.60.210 (1), 72.9.248.146
> (1),
> 205.234.235.173 (1), 218.150.78.201 (1), 64.34.166.126 (1),
> cmd.txt | 123 | 87.238.209.101 (5), 212.110.122.165 (3), 62.193.237.22
> (3),
> 64.3.156.59 (3), 81.29.75.112 (2), 217.160.252.4 (2), 85.119.219.36 (2),
> 204.157.15.189 (2), 212.241.192.113 (2), 193.6.6.101 (2), 81.57.112.15
> (2),
> 207.58.177.50 (2), 200.255.50.131 (2), 202.5.195.7 (2), 213.240.243.15
> (2),
> 193.39.119.174 (2), 64.34.203.104 (1), 203.36.0.15 (1), 82.192.87.144 (1),
> 201.75.27.149 (1), 85.98.229.152 (1), 88.232.110.242 (1), 201.63.179.122
> (1),
> 213.189.27.96 (1), 87.238.208.100 (1), 201.19.16.223 (1), 204.2.106.3 (1),
> 62.75.251.113 (1), 66.111.45.130 (1), 201.58.41.9 (1), 72.232.53.210 (1),
> 82.165.183.17 (1), 88.226.0.154 (1), 208.234.20.125 (1), 66.18.160.59 (1),
> 85.12.147.20 (1), 195.39.35.115 (1), 85.107.94.14 (1), 81.215.251.88 (1),
> 62.166.203.203 (1), 200.168.144.40 (1), 62.193.226.73 (1), 88.226.0.79
> (1),
> 72.36.190.242 (1), 82.98.74.4 (1), 194.44.38.218 (1), 64.8.114.14 (1),
> 70.84.205.34 (1), 220.134.22.185 (1), 84.244.146.209 (1), 82.160.16.3 (1),
> 85.101.26.131 (1), 86.127.26.72 (1), 85.106.226.172 (1), 85.101.195.146
> (1),
> 69.61.12.2 (1), 65.254.36.146 (1), 64.34.168.95 (1), 213.188.35.62 (1),
> 85.97.85.192 (1), 213.251.168.77 (1), 201.92.114.224 (1), 208.49.83.50
> (1),
> 85.103.172.119 (1), 66.228.211.16 (1), 86.109.192.86 (1), 80.118.168.219
> (1),
> 201.75.60.132 (1), 81.169.175.152 (1), 200.168.144.175 (1), 85.214.42.118
> (1), 213.161.194.235 (1), 205.205.189.1 (1), 85.108.187.234 (1),
> 85.99.187.79
> (1), 87.118.98.140 (1), 195.34.78.100 (1), 85.107.93.3 (1), 64.0.197.99
> (1),
> 207.58.138.211 (1), 204.15.121.100 (1), 195.46.154.122 (1), 210.196.116.84
> (1), 201.29.65.167 (1), 203.63.5.173 (1), 200.29.2.93 (1), 85.97.126.185
> (1),
> 86.127.29.111 (1), 85.98.5.167 (1), 70.85.23.132 (1), 200.89.73.35 (1),
> 81.214.168.249 (1), 86.127.26.31 (1), 193.202.89.13 (1), 200.243.56.196
> (1),
> 85.99.224.67 (1), 207.58.129.57 (1), 84.191.212.176 (1), 64.118.84.10 (1),
> 82.98.225.171 (1), 85.99.141.199 (1),
> list.txt | 106 | 201.63.179.122 (6), 72.29.71.211 (3), 62.149.140.15 (3),
> 216.139.67.90 (2), 207.150.191.52 (2), 195.149.99.131 (2), 209.172.34.86
> (2),
> 70.85.154.226 (2), 70.87.86.130 (2), 202.143.173.2 (2), 193.39.119.174
> (2),
> 84.252.146.194 (2), 81.169.155.146 (2), 72.52.184.4 (1), 213.251.132.191
> (1),
> 82.165.235.5 (1), 216.22.24.29 (1), 72.29.68.123 (1), 216.104.149.111 (1),
> 69.16.207.166 (1), 154.37.2.50 (1), 216.180.243.242 (1), 72.232.91.130
> (1),
> 66.227.122.97 (1), 216.55.147.90 (1), 63.146.198.100 (1), 193.226.140.228
> (1), 67.19.80.180 (1), 216.130.161.111 (1), 66.197.195.101 (1),
> 216.7.178.164
> (1), 64.27.5.179 (1), 69.72.224.106 (1), 204.157.11.179 (1), 217.112.42.25
> (1), 82.102.15.13 (1), 81.169.167.240 (1), 72.36.158.226 (1),
> 209.59.195.31
> (1), 218.36.126.67 (1), 66.7.200.164 (1), 63.247.139.69 (1), 70.84.146.130
> (1), 65.254.50.114 (1), 87.17.78.245 (1), 194.30.160.11 (1),
> 202.130.106.156
> (1), 209.59.130.114 (1), 194.79.71.157 (1), 201.42.41.18 (1),
> 200.146.61.40
> (1), 203.88.114.169 (1), 161.132.144.50 (1), 151.51.63.190 (1),
> 194.145.127.68 (1), 134.58.253.114 (1), 67.91.198.51 (1), 91.121.7.26 (1),
> 72.21.51.210 (1), 72.18.130.32 (1), 209.33.215.180 (1), 210.0.211.228 (1),
> 205.234.99.226 (1), 88.149.156.142 (1), 62.149.140.18 (1), 209.51.140.2
> (1),
> 70.86.172.210 (1), 64.151.90.220 (1), 200.241.111.203 (1), 67.18.167.138
> (1),
> 81.4.74.238 (1), 82.163.66.89 (1), 216.117.150.82 (1), 201.26.46.108 (1),
> 87.118.98.140 (1), 216.227.217.6 (1), 64.0.197.99 (1), 193.25.197.122 (1),
> 72.29.73.71 (1), 200.101.93.29 (1), 83.143.81.2 (1), 200.216.87.236 (1),
> 83.243.154.180 (1), 72.36.202.166 (1), 216.246.45.69 (1), 210.208.204.56
> (1),
> 38.118.74.77 (1),
> c.txt | 60 | 213.193.229.39 (5), 86.54.102.2 (4), 195.10.193.5 (3),
> 62.231.119.106 (3), 193.25.197.127 (3), 202.64.87.188 (2), 207.58.142.226
> (2), 65.75.190.245 (2), 158.66.1.12 (2), 209.47.167.151 (2), 193.198.217.3
> (1), 67.15.42.38 (1), 85.158.249.30 (1), 70.86.48.66 (1), 82.80.253.45
> (1),
> 69.90.141.2 (1), 201.34.32.66 (1), 216.17.101.249 (1), 202.83.173.216 (1),
> 196.203.35.2 (1), 195.189.226.241 (1), 194.67.32.44 (1), 58.71.41.3 (1),
> 213.193.229.20 (1), 72.232.69.250 (1), 195.206.96.40 (1), 61.246.2.74 (1),
> 195.46.71.19 (1), 193.43.88.3 (1), 87.238.162.143 (1), 83.228.34.135 (1),
> 193.25.197.122 (1), 87.238.162.16 (1), 72.29.82.174 (1), 192.71.85.140
> (1),
> 65.77.42.233 (1), 87.106.33.210 (1), 213.193.246.81 (1), 212.75.96.165
> (1),
> 213.193.246.25 (1), 85.214.75.173 (1), 69.60.109.202 (1),
> cmd.do | 53 | 200.24.106.14 (4), 141.44.47.74 (3), 200.188.219.122 (2),
> 87.242.72.37 (2), 217.112.36.52 (2), 195.225.130.118 (2), 62.103.159.219
> (1),
> 85.17.3.141 (1), 205.214.64.176 (1), 66.227.122.97 (1), 84.244.8.53 (1),
> 69.155.36.50 (1), 81.21.79.93 (1), 209.8.117.170 (1), 70.86.234.234 (1),
> 69.64.50.67 (1), 64.191.33.200 (1), 204.9.174.110 (1), 72.232.62.98 (1),
> 67.159.21.37 (1), 64.92.171.58 (1), 64.38.19.238 (1), 62.193.248.88 (1),
> 209.126.142.253 (1), 206.51.236.115 (1), 216.227.218.113 (1), 85.25.59.184
> (1), 213.83.63.53 (1), 208.49.83.50 (1), 208.101.43.190 (1),
> 62.116.130.180
> (1), 67.18.229.90 (1), 147.94.192.41 (1), 66.225.239.199 (1), 91.143.130.1
> (1), 81.57.112.15 (1), 70.86.207.162 (1), 216.194.64.235 (1),
> 69.56.243.130
> (1), 222.237.78.168 (1), 163.29.233.6 (1), 209.123.92.40 (1), 198.77.13.98
> (1), 62.4.84.36 (1),
> c.in | 51 | 212.12.121.43 (3), 66.103.152.111 (3), 202.123.79.16 (3),
> 193.138.230.200 (3), 62.221.213.68 (2), 64.8.118.5 (2), 66.230.196.135
> (2),
> 64.199.142.69 (2), 209.47.167.151 (2), 66.246.134.221 (1), 67.19.143.130
> (1),
> 89.207.232.18 (1), 204.11.234.28 (1), 64.38.11.6 (1), 64.15.138.182 (1),
> 63.245.201.68 (1), 62.4.70.180 (1), 62.193.229.152 (1), 87.233.12.130 (1),
> 70.86.36.194 (1), 209.47.139.138 (1), 67.19.224.66 (1), 81.183.219.157
> (1),
> 213.193.230.201 (1), 70.86.151.130 (1), 66.7.193.220 (1), 218.38.14.205
> (1),
> 72.22.69.224 (1), 189.146.75.42 (1), 75.126.58.208 (1), 72.36.155.170 (1),
> 70.84.122.194 (1), 66.235.206.151 (1), 72.51.35.25 (1), 204.16.246.8 (1),
> 67.18.252.98 (1), 202.139.20.8 (1), 85.92.70.238 (1),
> tk.txt | 48 | 83.137.17.37 (2), 202.181.206.50 (2), 61.194.40.108 (2),
> 72.5.54.40 (2), 203.146.140.221 (1), 205.234.190.84 (1), 216.61.218.2 (1),
> 66.226.64.33 (1), 198.64.149.204 (1), 64.202.123.184 (1), 82.217.225.104
> (1),
> 87.233.14.82 (1), 205.234.190.102 (1), 62.193.234.11 (1), 212.80.70.2 (1),
> 87.117.224.250 (1), 72.36.190.242 (1), 69.0.231.197 (1), 62.111.211.194
> (1),
> 64.8.114.14 (1), 81.29.195.54 (1), 213.192.241.47 (1), 209.59.137.106 (1),
> 69.64.33.9 (1), 212.34.138.238 (1), 209.172.34.86 (1), 80.74.142.173 (1),
> 194.109.148.172 (1), 216.120.228.160 (1), 62.193.228.59 (1),
> 217.71.214.135
> (1), 67.159.26.207 (1), 212.241.248.177 (1), 211.115.217.151 (1),
> 150.140.140.91 (1), 209.126.254.191 (1), 213.240.243.15 (1),
> 201.32.170.233
> (1), 64.76.24.214 (1), 62.193.226.57 (1), 200.161.198.118 (1),
> 213.184.216.134 (1), 206.251.247.140 (1), 204.14.110.100 (1),
> sad.gif | 40 | 212.110.122.165 (2), 81.169.175.152 (2), 82.208.181.122
> (1),
> 193.93.22.78 (1), 216.246.60.183 (1), 216.70.72.167 (1), 205.234.223.151
> (1),
> 62.75.161.45 (1), 85.17.53.242 (1), 216.7.178.164 (1), 219.95.3.182 (1),
> 128.121.21.33 (1), 218.111.135.154 (1), 194.204.11.67 (1), 200.162.196.187
> (1), 69.13.6.170 (1), 220.134.22.185 (1), 67.19.25.34 (1), 200.234.201.118
> (1), 67.19.71.228 (1), 210.245.226.52 (1), 83.143.81.22 (1), 64.20.33.154
> (1), 81.0.254.66 (1), 72.232.25.58 (1), 64.34.169.139 (1), 68.23.46.65
> (1),
> 204.157.11.61 (1), 212.3.242.140 (1), 81.222.134.125 (1), 222.122.46.217
> (1),
> 202.5.195.7 (1), 198.173.81.121 (1), 222.122.31.173 (1), 72.36.155.138
> (1),
> 64.106.143.220 (1), 83.14.225.50 (1), 213.239.175.53 (1),
> tool20.dat | 37 | 85.98.228.55 (3), 81.215.251.73 (2), 81.214.163.255 (2),
> 81.214.160.78 (1), 81.215.248.208 (1), 81.215.245.81 (1), 81.214.168.215
> (1),
> 81.214.165.43 (1), 85.104.40.203 (1), 81.214.161.240 (1), 81.215.237.251
> (1),
> 81.214.174.71 (1), 81.214.169.172 (1), 81.214.172.202 (1), 81.214.171.65
> (1),
> 81.214.168.116 (1), 85.98.123.10 (1), 81.214.166.1 (1), 81.214.175.73 (1),
> 81.214.164.94 (1), 81.215.247.8 (1), 85.98.123.29 (1), 201.19.113.219 (1),
> 81.214.164.5 (1), 201.19.65.249 (1), 81.214.169.97 (1), 81.215.255.156
> (1),
> 85.104.40.207 (1), 81.214.169.190 (1), 81.214.175.27 (1), 81.214.171.215
> (1),
> 81.214.162.240 (1), 81.214.172.207 (1),
> c.php.txt | 32 | 81.183.219.157 (2), 64.199.142.69 (2), 202.60.74.106 (2),
> 84.19.182.32 (1), 72.36.192.42 (1), 193.164.131.35 (1), 85.43.93.220 (1),
> 65.42.183.2 (1), 81.92.6.204 (1), 70.84.178.34 (1), 195.2.72.34 (1),
> 72.232.214.242 (1), 66.165.236.122 (1), 72.29.75.151 (1), 195.138.198.28
> (1),
> 208.101.29.107 (1), 67.19.37.228 (1), 66.103.130.131 (1), 70.86.36.194
> (1),
> 195.238.74.73 (1), 219.93.90.33 (1), 66.235.209.82 (1), 85.25.11.42 (1),
> 66.45.242.178 (1), 66.235.206.151 (1), 195.2.72.35 (1), 69.93.128.17 (1),
> 212.24.224.18 (1), 72.232.6.132 (1),
>
> Statistics:
> Malware Count (Unique): 11
> Malware Hit Count: 829 (from same IP: 98.67%)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Powered by blists - more mailing lists