Blog for hpHosts, and whatever else I feel like writing about ....

Monday 17 August 2009

Alert: Alliance & Leicester botnet back ....

Alas it seems the Alliance and Leicester botnet has made a comeback.

www.mybank.alliance-leicester.co.uk.msfileid011.net/customerforms/server10a/form.asp/index.php?ct=mybank3926393725529332640321160295073361820577675979816&em=508xav@it-mate.co.uk

IPs it's resolving to thus far:


Given that these appear to be the only IPs it's resolving to (sending additional DNS requests resulted in no additional IPs being detected), this is either a small group of friends or, more likely, just a very very very small botnet.
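
The saturation check described above (keep re-resolving the hostname until no new addresses turn up), as an added example that is not part of the original post. The function names, the stopping rule of five quiet rounds, and the constructed resolver with 192.0.2.x documentation addresses are assumptions for illustration.

```python
import socket
import time


def resolve_a(hostname):
    """One live lookup through the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(hostname)[2])
    except OSError:  # covers socket.gaierror / socket.herror
        return set()


def enumerate_pool(hostname, resolver=resolve_a, quiet_rounds=5,
                   max_rounds=200, delay=0.0):
    """Re-resolve until `quiet_rounds` consecutive lookups add no new address.

    Returns (sorted_ips, rounds_used, saturated). `saturated` is False when
    max_rounds was hit first, i.e. the pool may be larger than what was seen.
    For live use set `delay` to at least the record's TTL so that cached
    answers are not counted as quiet rounds.
    """
    seen, quiet, rounds = set(), 0, 0
    while rounds < max_rounds and quiet < quiet_rounds:
        rounds += 1
        new = set(resolver(hostname)) - seen
        if new:
            seen |= new
            quiet = 0
        else:
            quiet += 1
        if delay:
            time.sleep(delay)
    return sorted(seen), rounds, quiet >= quiet_rounds


def make_constructed_resolver(pool, per_answer=3):
    """Constructed stand-in for a rotating zone: hands out `per_answer` IPs per query."""
    state = {"i": 0}

    def resolver(_hostname):
        i = state["i"]
        state["i"] = (i + per_answer) % len(pool)
        return {pool[(i + k) % len(pool)] for k in range(per_answer)}
    return resolver


# Constructed sample data (RFC 5737 documentation range), not taken from the post.
SAMPLE_POOL = [f"192.0.2.{n}" for n in range(1, 8)]

if __name__ == "__main__":
    fake = make_constructed_resolver(SAMPLE_POOL)
    print(enumerate_pool("flux.example.test", resolver=fake))
```

A result with `saturated` set to `True` and a short address list supports the "very small pool" reading; `False` means the lookups stopped before the set settled.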
