Thursday, 25 February 2010


I was notified earlier about, which has been reported as a botnet C&C for the Spybot.AVEO infection (Trend Micro has it pegged as WORM_IRCBOT.ABJ). After reading up on this, I'd strongly urge everyone to blackhole it ASAP.

Trend Micro's writeup also has reference to its contacting (yep, OVH again) which resides at, so I'd suggest blackholing that one too. This IP houses;

Not only does this worm steal gaming-related details from the infected computer, it also monitors for specific sites such as banks, PayPal, RapidShare, etc., and attempts to spread across network shares.

You can read the full details on this one at;

Finland's CERT also has a writeup (translated) referencing the OVH IP as being part of the "Chuck Norris" infection;

Incidentally, if anyone has a sample of this, please drop me an e-mail.

