http://www.techworld.com/security/news/index.cfm?newsID=107278

By John E. Dunn
Techworld
18 November 2008

Large numbers of infected computers have been searching in vain for the Srizbi botnet disrupted by the disconnection of ISP McColo a week ago, a security vendor has found.

According to FireEye Security, the company has detected a total of 450,000 compromised IP addresses that have been trying to connect to Srizbi-controlled command and control computers that would have been hosted by McColo until it disappeared.

The company identifies Srizbi by monitoring computers that attempt to connect to IP addresses 75.127.68.122 or 64.22.92.154 from November 12 onwards, and recommends that admins check firewall logs to trace HTTP traffic opening ports to these locations.

The majority of infected PCs will likely be poorly-protected consumer PCs, but in principle IP connection attempts can come from any PC, servers included. If infected PCs are located on a network, the company cautions that cleaning a system might not be straightforward.

[...]

Received on Tue Nov 18 2008 - 23:12:19 PST
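The firewall-log check the article recommends can be scripted. The following is an added example, not code from Techworld or FireEye: it assumes netfilter-style syslog lines (`SRC=`, `DST=`, `DPT=` fields) and a log year of 2008, and the sample lines and 10.0.0.x hosts are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# C&C addresses and start date exactly as given in the article.
SRIZBI_CC = {"75.127.68.122", "64.22.92.154"}
WATCH_FROM = datetime(2008, 11, 12)

# Assumed format: syslog timestamp followed by netfilter LOG key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=TCP .*?DPT=(?P<dpt>\d+)"
)

# Constructed sample lines (not real traffic); the 10.0.0.x hosts are made up.
SAMPLE_LOG = """\
Nov 11 22:04:51 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=75.127.68.122 LEN=48 PROTO=TCP SPT=1040 DPT=80 SYN
Nov 13 08:15:02 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=75.127.68.122 LEN=48 PROTO=TCP SPT=1041 DPT=80 SYN
Nov 13 08:15:32 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=64.22.92.154 LEN=48 PROTO=TCP SPT=1042 DPT=80 SYN
Nov 14 09:00:00 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=2001 DPT=80 SYN
Nov 14 09:01:10 gw kernel: FW-OUT IN=eth1 OUT=eth0 SRC=10.0.0.8 DST=64.22.92.154 LEN=48 PROTO=TCP SPT=3300 DPT=80 SYN
"""

def find_srizbi_candidates(lines, year=2008):
    """Map each internal source IP to its connection attempts to the C&C IPs."""
    hosts = defaultdict(lambda: {"hits": 0, "first": None, "last": None,
                                 "dsts": set(), "ports": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dst"] not in SRIZBI_CC:
            continue
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts < WATCH_FROM:
            continue  # earlier than the date the article says to look from
        h = hosts[m["src"]]
        h["hits"] += 1
        h["first"] = min(h["first"] or ts, ts)
        h["last"] = max(h["last"] or ts, ts)
        h["dsts"].add(m["dst"])
        h["ports"].add(int(m["dpt"]))
    return dict(hosts)

if __name__ == "__main__":
    for src, h in sorted(find_srizbi_candidates(SAMPLE_LOG.splitlines()).items()):
        print(f"{src}: {h['hits']} attempt(s) to {sorted(h['dsts'])}, "
              f"ports {sorted(h['ports'])}, {h['first']} .. {h['last']}")
```

Behind NAT the `SRC` field identifies the internal host only if logging happens before translation, so run this against the inside-interface log.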
This archive was generated by hypermail 2.2.0 : Tue Nov 18 2008 - 23:20:43 PST