
Saturday, 16 January 2010

DDoS for Hire - More cooperation, or new competition? UPDATED

Since our blog of 1/9/2009, atatatata.org, www.atatata.org, and 853c9e57.biz have been shut down. With the great assistance of Afilias and Neustar, these domains are now being sinkholed to Shadowserver, which allows us to identify the infected drones and alert the respective netblock owners.

Another interesting development is the use of a new domain, qaqaqaqa.net on 115.100.250.104. The botnet here apparently looks to pick up where the others left off in carrying out new DDoS attacks.

In fact, the netblock 115.100.250.0/24 has been quite active of late, with the following activity having been seen since the first of the year:

  • 115.100.250.72 - papaanarhia.cn - botnet controller
  • 115.100.250.104 - qaqaqaqa.net - DDoS controller
  • 115.100.250.107 - atatatata.org - DDoS controller (offline)
  • 115.100.250.119 - vodkalv.com - Zeus controller
  • 115.100.250.114 - sport-lab.cn - botnet C&C (offline)
  • 115.100.250.119 - yit.nei223.com - botnet controller
  • 115.100.250.122 - pobedim.cn - botnet controller

=>Posted January 16, 2010, at 10:25 AM by Andre' - Semper_Securus
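
The domains and netblock listed in this post can be checked against local DNS logs to find hosts that still query them, including the sinkholed names. The script below is an added example, not Shadowserver's code; the four-field log format, the client addresses and the 192.0.2.10 answer standing in for the sinkhole are constructed assumptions.

```python
import ipaddress

# Indicators copied from the post; roles as the post lists them.
NETBLOCK = ipaddress.ip_network("115.100.250.0/24")
DOMAINS = {
    "atatatata.org": "DDoS controller, sinkholed",
    "www.atatata.org": "sinkholed", "853c9e57.biz": "sinkholed",
    "qaqaqaqa.net": "DDoS controller", "vodkalv.com": "Zeus controller",
    "papaanarhia.cn": "botnet controller", "sport-lab.cn": "botnet C&C",
    "yit.nei223.com": "botnet controller", "pobedim.cn": "botnet controller",
}

def match_domain(qname):
    """Return the listed domain qname equals or is a subdomain of, else None."""
    labels = qname.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # label boundaries: 'notqaqaqaqa.net' is no match
        candidate = ".".join(labels[i:])
        if candidate in DOMAINS:
            return candidate
    return None

def in_netblock(answer):
    try:
        return ipaddress.ip_address(answer) in NETBLOCK
    except ValueError:  # non-IP answer field such as NXDOMAIN
        return False

def scan(lines):
    """Yield (client, qname, reason) for every log line that hits an indicator."""
    for line in lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # malformed line
        _ts, client, qname, answer = fields
        domain = match_domain(qname)
        if domain:
            yield (client, qname, f"{domain}: {DOMAINS[domain]}")
        elif in_netblock(answer):
            yield (client, qname, f"answer {answer} in {NETBLOCK}")

# Constructed DNS log lines (assumed format: time client qname answer).
SAMPLE = [
    "10:01 10.0.0.5 QAQAQAQA.net. 115.100.250.104",
    "10:02 10.0.0.9 www.atatata.org 192.0.2.10",
    "10:03 10.0.0.7 notqaqaqaqa.net 198.51.100.7",
    "10:04 10.0.0.7 unlisted.example 115.100.250.200",
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A hit on a sinkholed name means the client is still infected even though the controller is gone, and a hit on the netblock alone catches names the post does not list.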