Security-Alerts mailing list archive (security-alerts@yandex-team.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[security-alerts] FW: Win32.Mitglieder.DH epidemy
> -----Original Message-----
> From: Vsevolod Gavrilenko [mailto:gvj@xxxxxxxxxxx]
> Sent: Monday, November 28, 2005 3:47 PM
> To: incidents@xxxxxxxxxxxxxxxxx
> Subject: Win32.Mitglieder.DH epidemy
>
>
> Good afternoon incidents@xxxxxxxxxxxxxxxxx
> <incidents@xxxxxxxxxxxxxxxxx>,
>
> Hello.
>
> Nowtimes we are expecting a large amount of requests from live and
> wild botnet under Win32.Mitglieder.DH.
>
> We host one of the contact sites (tarkan.ru), so we got about 110K
> unique requests today on 16:00 MSK.
>
> The line looks like:
>
> 207.46.50.74 - - [28/Nov/2005:15:39:50 +0300] "GET
> /images/tst.php?p=1033&id=26912415p HTTP/1.1" 302 302 "-" "fog"
>
> Now we are redirecting all these requests to 127.0.0.1 and going to
> send abuse reports to network owners.
>
>
>
> --
> Vsevolod Gavrilenko mailto:gvj@xxxxxxxxxxx
> Corbina Telecom, tel. +7 095 7284000
>
>
|
