Sunday, March 6, 2011

RBN IP List Update 3-6-2011

RBN IP List Update 3-6-2011 is available at:

In this update we add more coverage for ChronoPay properties.  Thus far, we have seen only one domain object move.  The mail server was located at (AS43355 UPL-TELECOM-AS UPL Telecom) and is now deployed at (Hetzner).  Both of these IP addresses also host DNS servers, so this provides a clue as to enemy infrastructure.

In addition to Pavel Vrublevsky's hubris, the update lists new instances of SpyEye Command and Control servers, Zeus, several backdoor trojans, and a Heihachi deployment of Trojan Palevo; we also catch the Koobface Gang victimizing cancer patients with Trojan Bredolab.

We have consolidated several IP listings (an opportunity provided by consistently malicious behavior).

We wish to acknowledge Brian Krebs, the Malware Domain List, and David Glosser at Malware Domains.

Thank you,

James McQuaid