Belgian IRC servers undernet.org also hotbeds of malware : A secure democratic Net is a fundamental right

concours

contact me

Contact mailforlen

Syndicate this site (rss)

Syndicate this site (XML)

Get this by mail

Recent Posts

Categories

search belsec

translate this blog

Toolz, links, books

My pix albums

Archives

Copyright

You can republish and link parts of what you find (not the whole thing) to whatever you find here - except the comix that you have to ask me - as long as you don't ask money for it and attribute it with a link.Made For Adsense sites have no rights.

Disclaimer

This blog and all of its links and other projects are my personal projects that have nothing to do with my real job or with any other organisation. This means that any opinion published here is NOT an opinion of any employer or organisation I work with. THis is my personal space of democratic freedom of speech to stimulate an open debate and to fight effectively cybercrime and promote cybersecurity in all of its aspects. The fact that thousands of links are made available as 'Open Intelligence' does not mean that this author agrees with them or is responsable for the legality of them.

« emerging threats writes 32 Snort detection rules for MS08-067 | HomePage | many bank and phished sites in top malware serving list »

10/27/2008

Belgian IRC servers undernet.org also hotbeds of malware

Embeds = number of malware binaries in which this DNS name was discovered
Rank = 30-day importance ranking (1 to 100) of most prolific malware-related DNS
Lookups = number of observed infections in which this DNS name was looked up
DNS = malware DNS list...be afraid if your PC looks up these entries.

Rank	Lookups	Embeds	First	Last	CC	DNS
100	1411	0	09/26	10/25		citi-bank.ru
100	908	2	09/26	10/25		proxim.ircgalaxy.pl
83	543	201	09/26	10/25		moscow-advokat.ru
19	50	219	09/26	10/25		lia.zanet.net
18	121	93	09/26	10/25		siliconfireware.ru
17	43	219	09/26	10/25		london.uk.eu.undernet.org
17	46	219	09/26	10/25		caen.fr.eu.undernet.org
17	42	219	09/26	10/25		los-angeles.ca.us.undernet.org
17	47	201	09/26	10/25		broadway.ny.us.dal.net
17	40	219	09/26	10/25		brussels.be.eu.undernet.org
17	35	219	09/26	10/25		washington.dc.us.undernet.org
17	38	219	09/26	10/25		graz.at.eu.undernet.org
16	43	201	09/26	10/25		viking.dal.net
16	43	201	09/26	10/25		ced.dal.net
16	42	201	09/26	10/25		vancouver.dal.net
16	40	201	09/26	10/25		lulea.se.eu.undernet.org
16	40	219	09/26	10/25		flanders.be.eu.undernet.org
16	40	201	09/26	10/25		diemen.nl.eu.undernet.org
16	44	201	09/26	10/25		coins.dal.net
16	40	202	09/26	10/25		gaspode.zanet.org.za

This proofs that IRC/ICQ traffic should be closed off (undernet.org and dal.net) and that .ru traffic is better whitelisted (only acceptable servers allowed) than blacklisted (trying to block all bad servers). More listings

11:52 | Permalink | Comments (0) | Email this | | del.icio.us | | Digg! Digg | Facebook

Post a comment