01/21/2009

The fast-flux DNS botnets with .be domains for phishing are back again

Yesterday was just a pause, and as many sites of the botnets didn't work, there was a possibility that they were just working to get back again.

They did, and they do it differently according to PhishTank:

* http://cashmanager.bbt.com.mdlit.be/K1/cashmanageronline/...

http://www.phishtank.com/phish_detail.php?phish_id=633606

* http://businessconnect.comerica.com.session-id-0458.fdldd...

http://www.phishtank.com/phish_detail.php?phish_id=634094

* http://businessconnect.comerica.com.session-id-7462.idtr.......

http://www.phishtank.com/phish_detail.php?phish_id=634090

* http://business-eb.bbt.com.mode-rti01.be/K1/cashmanageron..._...

http://www.phishtank.com/phish_detail.php?phish_id=634075

* http://www.bankofscotlandbusiness.co.uk.session3937.id-fr...

http://www.phishtank.com/phish_detail.php?phish_id=633083
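The hostnames listed above put the bank's real name in the left-hand labels of a freshly registered .be domain. The following check flags that pattern; it is an added example, not code from the original post, and the brand list, the small suffix set (a stand-in for the full Public Suffix List) and the function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: brands to protect, taken from the hostnames quoted in the post.
PROTECTED = ("bbt.com", "comerica.com", "bankofscotlandbusiness.co.uk")
# Assumption: tiny stand-in for the Public Suffix List, enough for these samples.
PUBLIC_SUFFIXES = {"com", "be", "eu", "ru", "es", "uk", "co.uk"}

def registered_domain(host):
    """Longest matching public suffix plus one label to its left."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # i = 0 tries the longest candidate suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def embedded_brand(url):
    """Return (brand, registered_domain) when a protected brand appears as
    labels to the left of a different registered domain, else None."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registered_domain(host)
    if not host or reg in PROTECTED:
        return None  # no host, or the brand's own domain
    left = host[: len(host) - len(reg)].rstrip(".").split(".")
    for brand in PROTECTED:
        b = brand.split(".")
        if any(left[i:i + len(b)] == b for i in range(len(left) - len(b) + 1)):
            return brand, reg
    return None

# Hostnames as quoted in the post (paths left out, the post truncates them),
# plus two constructed benign URLs for contrast.
SAMPLES = [
    "http://cashmanager.bbt.com.mdlit.be/",
    "http://business-eb.bbt.com.mode-rti01.be/",
    "https://www.bbt.com/",          # constructed: the brand's own site
    "http://shop.example.be/",       # constructed: unrelated .be site
]

def scan(urls):
    """Map each flagged URL to its (brand, registered_domain) pair."""
    return {u: hit for u in urls if (hit := embedded_brand(u))}

if __name__ == "__main__":
    for url, (brand, reg) in scan(SAMPLES).items():
        print(f"{url}: {brand} embedded under {reg}")
```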

And according to Arbor Networks, they are back again:

idtr.be        2009-01-21 16:18:01 EST
msprodl.be     2009-01-21 16:17:57 EST
dftrk.be       2009-01-21 16:17:54 EST
fd-s1.be       2009-01-21 16:17:47 EST
dirst.be       2009-01-21 16:17:31 EST
mode-tr0.es    2009-01-21 16:16:38 EST
predl.be       2009-01-21 16:16:09 EST
moddl.be       2009-01-21 16:15:38 EST

As long as they are not deactivated, they will come back again and again and again; dns.be has no choice here. We think that in total we are talking about around 100 .eu and .be domains that were registered for this operation.

These are the new ones:

bmotsp.be
fddll.be
idrit.be
mdlit.be
mode-rti01.be
modert.be
pmode1.be

And we are in good company: the .ru domain has now also been used with the same kind of words, and also just about 10 every day.

With blacklisters and filters, the .ru domain is known to be handled by whitelisting, with only some domains allowed through. Really good company.

GET THEM DOWN

 

23:10