Comments for abuse.ch

Comment on How Big is Big? Some Botnet Statistics by Collateral Damage: Microsoft Hits Security Researchers along with Citadel | abuse.ch

Fri, 07 Jun 2013 18:38:15 +0000

[...] in researching botnets in my spare time, and abuse.ch is running such a sinkhole as well (in fact for years). The goal is simple: sinkhole malicious botnet domains (not only limited to any specific Trojan / [...]

Comment on Massive Drop in Number of Active Zeus C&C Servers by Koobface Worm Doubles C&C Servers in 48 Hours | Threatpost

Koobface Worm Doubles C&C Servers in 48 Hours | Threatpost — Thu, 02 May 2013 21:07:17 +0000

[...] Yesterday’s shut down of Troyak-as was definitely good news for the whole IT security community. Seeing cybercriminals getting kicked out from the Internet and then trying to get back inside calls for popcorn and soda. [...]

Comment on How Big is Big? Some Botnet Statistics by [WIP] Virus, antivirus: què són? Explicacions humanes | Construïnt Idees

[WIP] Virus, antivirus: què són? Explicacions humanes | Construïnt Idees — Fri, 19 Apr 2013 15:43:50 +0000

[...] La indústria del malware mou més diners que la indústria de les armes, l’autèntica mafia està posada al dia, i la majoria dels sysadmins no, i les botnets són immenses. [...]

Comment on Scareware Locks Down Computer Due To Child Porn and Terrorism by Por el mundo tras el virus con placa - El periódico de hoy : El periódico de hoy

Por el mundo tras el virus con placa - El periódico de hoy : El periódico de hoy — Tue, 26 Mar 2013 21:58:49 +0000

[...] hasta casa. La dirección IP contaminante sobre la que comenzó a trabajar el investigador era la 188.190.99.174, que localizó en Ucrania. Pero la banda se movía a una velocidad tremenda cambiando de servidores [...]

Comment on Massive Drop in Number of Active Zeus C&C Servers by Koobface Worm Doubles C&C Servers in 48 Hours | Threatpost

Koobface Worm Doubles C&C Servers in 48 Hours | Threatpost — Mon, 25 Mar 2013 01:25:37 +0000

Comment on Cybercriminals Moving Over To TLD .su by More Prominent Credit Reports Leaked As Agencies Explain How Hackers Did It | Elexonic.com | Breaking News

Thu, 21 Mar 2013 17:38:14 +0000

[...] has the Soviet Union’s.su country code, a domain originally created in 1990 that has beenincreasingly used by cybercriminals.The website’s Twitter page (now suspended) contained what Russia Today called “bad [...]

Comment on Fake Swisscom And T-Mobile Emails Hitting CH and DE by Fake hotel.de Booking Emails Hitting CH and DE | abuse.ch

Fake hotel.de Booking Emails Hitting CH and DE | abuse.ch — Mon, 18 Mar 2013 09:47:24 +0000

[...] « Fake Swisscom And T-Mobile Emails Hitting CH and DE [...]

Comment on Delta Airlines Spam Lead To Citadel by Se upp för hemsidor som är infekterade med zeroaccess och citadel | bredbandsbloggen

Sat, 23 Feb 2013 11:22:28 +0000

[...] identitet och kamouflerar sig som vanlig användare med smartphone) och wannafind.dk. Se mer på delta airlines, black-list, Free Email Blacklist Check Se till att du har uppdaterat din Flashplayer och Java. [...]

Comment on Dutch Spam Campaign Hits Switzerland With P2P ZeuS by Jay

Jay — Mon, 04 Feb 2013 14:14:29 +0000

Hi,

Even the dutch in the email is wrong, seems they used google translator or something like that.

Comment on Dutch Spam Campaign Hits Switzerland With P2P ZeuS by Ole bin login

Ole bin login — Tue, 22 Jan 2013 20:27:46 +0000

There is a primary controller to this bot located in russia. I have removed many hosts from the network I secure this past fall and this one controller keeps attempting connections to those previously infected bots. If someone from abuse.ch would like to contact me I will provide the IP to you.

ole.

Comment on ZeuS Gets More Sophisticated Using P2P Techniques by Detecting P2P Botnets with NetFlow (Part #1) - NetFlowKnights.com - NetFlow & sFlow Network Monitoring - NetFlowKnights.com

Wed, 12 Dec 2012 00:09:20 +0000

[...] services and other black-listing technology. While many botnets still use a traditional C2, a new breed of botnet has emerged that removes the need for a C2. These botnets make use of peer-to-peer technology to [...]

Comment on A Quick Update On Spambot Kelihos by ‘Neergehaald’ botnet Kelihos sterker dan ooit | Tech-nieuws

‘Neergehaald’ botnet Kelihos sterker dan ooit | Tech-nieuws — Mon, 10 Dec 2012 16:36:45 +0000

[...] beveiligingsonderzoeker Roman Huessy verzendt Kelihos op dit moment dagelijks spam via 100.000 tot 150.000 unieke IP-adressen. De bende achter het botnet heeft gaandeweg dit jaar [...]

Comment on Phishing eBanking Credentials Using Web-Proxies by Is my webserver being abused for banking fraud? - Admins Goodies

Is my webserver being abused for banking fraud? - Admins Goodies — Sun, 02 Dec 2012 17:29:59 +0000

[...] The strange thing is that all these domains are domains of banks and 3 out of the 4 domains are also in the list of the bank frauding scheme described on: http://www.abuse.ch/?p=2925 [...]

Comment on ZeuS Gets More Sophisticated Using P2P Techniques by ?????? ??? ?????? - ????? ??????? | Newsgeek

?????? ??? ?????? - ????? ??????? | Newsgeek — Tue, 09 Oct 2012 10:15:57 +0000

[...] ??? ?????? "???? ?????" (Peer-to-Peer, P2P) ??????? ??? ??? ???? ???? ??????. ?? ???? ???? ?? ??????? ??????? ??? ?? ?? ?????? ?? [...]

Comment on Ransomware Gets Professional, Targeting Switzerland, Germany And Austria by Policie ?R vás sleduje! « VIRY.CZ

Policie ?R vás sleduje! « VIRY.CZ — Fri, 05 Oct 2012 13:00:58 +0000

[...] Disorderly conduct: localized malware impersonates the police Ransomware Gets Professional, Targeting Switzerland, Germany And Austria [...]