Watching the new domains popping up each day, I continued to send them reports, and resorted to a second phone call last week (Sunday if memory serves), to be told yet again they'd give the customer a 24 hour warning. I further sent them a plethora of data regarding cases related to it, suggesting they're most likely all from a single reseller, or single group of resellers.
Today, alas, the server was still active, and still spitting out the Renos trojan. Finally, I called them a third time, and I'm happy to report they suspended the server whilst I was on the phone to them. The problem, however, is the initial 24 hour warning they claimed they'd given the customer - what happened to it? What happened to the followup warnings?
More importantly, why did a 24 hour warning end up being a 4 day, and 18 cases later, warning? Especially given I was told today that they had STILL not received a response from their customer to the first warning, let alone any followups.
HostNOC/Burst don't exactly have the best reputation when it comes to responses and actioning as it is, and this kind of behaviour isn't exactly making them look any better. So HostNOC/Burst - what's going on?
The files and domains, in case you're wondering, that were seen on this IP are:
And it's worth noting the filename isn't static; the various filenames in the list above would've worked for all of the domains, just as they've done on previous IPs/domains.
/update 15:08
And predictably, they've moved to yet another HostNOC/Burst IP:
URL: herhynix.in/New-Video-Addon.48563.exe
IP: 184.22.253.11