Blog for hpHosts, and whatever else I feel like writing about ....

Tuesday 10 November 2009

Piradius.net running Zbot infrastructure servers

From the desk of "here Piradius goes again" comes news of their yet again providing housing to Zbot infrastructure ... Sorry Piradius, what was that, you're a legit ISP? Well, the evidence we've seen over the months says otherwise, I'm afraid.

Piradius.net appears to be up to its dark grey hat antics again with a server at 124.217.251.179 which is providing services to the current run of Zbot trojans, as seen (for example) with this recent ThreatExpert report.

Robtex reports that the server is also being used as the NS for a number of Zbot-related domains, notably x2dns.ru, cedns.ru, updata-1.com, admin-systems.com, db-1.net, upd01.net, ssl-updates.net and several others connected with this spam run. 124.217.251.179 is also the download server for various Zbot components.


Read more
http://www.dynamoo.com/blog/2009/10/piradiusnet-running-zbot-infrastructure.html

1 comment:

Unknown said...

On behalf of Piradius, the user was terminated last year, in early October 2009, when we received a notification from Spamhaus telling us that this is a bad user. The user was banished from our network.