Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: zotob C&C servers

  • From: Michael Grinnell
  • Date: Mon Aug 15 14:50:27 2005

We haven't seen it yet on our network, but I was hoping somebody might have a text dump or packet capture of the C&C traffic that they would be willing to send me so I can tune our IDS to recognize it. I already have exploit rules loaded, just wanted to see if the C&C traffic varied significantly from the (relatively) standard *bot variety.


Michael Grinnell
Network Security Administrator
The American University

On Aug 15, 2005, at 3:13 PM, Gadi Evron wrote:

Hi guys.

Zotob, once infected, connects the machine to a botnet C&C (command & control) server.
Due to the extremely rapid spread of these worms, here is the C&C server information that has been confirmed so far:

ASN | IP | Responsible Party
12832 | | LYCOS-EUROPE Lycos Europe GmbH
19742 | | MARLIN - Marlin eSourcing Solu
28677 | | AMEN AMEN Network
28677 | | AMEN AMEN Network

For your information and possible follow-up on your networks. This is spreading so quickly that wider activity is necessary.

For comments back to the drone armies & botnets research and mitigation mailing list, please go through our new PR team lead, "Fergie (Paul Ferguson)" <>.

