Re-checking the list of domains previously mentioned, shows they're on the move to a new range. This time owned by known crimeware friendly ISP, ROOT SA (aka Root eSolutions, AS5577 212.117.160.0/19, AS44042). The new IP is 212.117.169.106.
There's only a handful resolving to the new IP at the time of writing, so presumably the rest are awaiting DNS propagation.
http://temp.it-mate.co.uk/hpObserver_results_-_Redstation-04062010.html
References:
WARNING: Malware, scams and RedStation (AS35662, 81.94.192.0/20)
http://hphosts.blogspot.com/2010/05/warning-malware-scams-and-redstation.html
Legitimate Software Typosquatted in SMS Micro-Payment Scam
http://ddanchev.blogspot.com/2009/07/legitimate-software-typosquatted-in-sms.html
Crimeware friendly ISPs: root eSolutions
http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-root-esolutions.html
hpHosts blog
http://hphosts.blogspot.com/search?q=root+esolutions
Friday, 4 June 2010
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment