- No entries for February 2010.
- 29.01.2010: Pushdo DDoS'ing or Blending In?
- 19.01.2010: Cyber Espionage: Death by 1000 Cuts
- 16.01.2010: See below.
- 09.01.2010: DDoS for Hire - More cooperation, or new competition?
- 16.12.2009: Conficker may be forgotten, but it's not gone...
- 14.12.2009: When PDFs Attack II - New Adobe Acrobat [Reader] 0-Day On the Loose
Saturday, 16 January 2010
DDoS for Hire - More cooperation, or new competition? UPDATED
Since our blog of 1/9/2009, atatatata.org, www.atatata.org, and 853c9e57.biz have been shut down. With the great assistance of Affilias and Neustar, these domains are now being sinkholed to Shadowserver which allows us to identify the infected drones and alert the respective netblock owner.
Another interesting development is the use of a new domain, qaqaqaqa.net on 188.8.131.52. The botnet here apparently looks to pick up where the others left off in carrying out new DDoS attacks.
In fact, that netblock 184.108.40.206/24 has been quite active of late, with the following activity having being seen since the first of the year:
- 220.127.116.11 - papaanarhia.cn - botnet controller
- 18.104.22.168 - qaqaqaqa.net - DDoS controller
- 22.214.171.124 - atatatata.org - DDoS controller (offline)
- 126.96.36.199 - vodkalv.com - Zeus controller
- 188.8.131.52 - sport-lab.cn - botnet C&C (offline)
- 184.108.40.206 - yit.nei223.com - botnet controller
- 220.127.116.11 - pobedim.cn - botnet controller
=>Posted January 16, 2010, at 10:25 AM by Andre' - Semper_Securus