Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 6 September 2009

Alert: Alliance and Leicester botnet

Oh dear, it started in July, then made a come back the middle of August, and now has returned yet again.

I've checked those that were alive in July, and they're all still dead, so they're not surprisingly, using brand new domains for this one. Quite why the registrars and ICANN et al, are allowing domain names with banking institues in them, astounds me - and obviously, is annoying.

I've only seen one such domain thus far (*, but have no doubt there are others out there;

My friend over at Clean-MX has three dated September 1st and 2nd; desc&response=alive&domain=alliance-leicester%

/edit 22:26

Just received another one pointing to a different domain;

Anthony added quite a few more to the database too, which makes the current list;

Anthony posted the hpObserver results over at MDL earlier;

I've also ran them through hpObserver again to see if there are any new IP's;

No comments: