Hello, I recently discovered a machine that was infected with a version of the DarkIRC bot (http://www.tlsecurity.net/backdoor/DarkIrc.html)and had been participating in DDoS network. In an effort to save my self some time and help inform all the others that are participating in the same botnet I have listed the domains or class c address in which an infected computer resides. If you are an admin of one of these networks please send me an email from within the posted network and I will provide you with the host(s). Thanks, -Blake # Hosts Domain/Network 1 128.163.23.x 1 128.163.50.x 1 128.226.38.x 1 128.238.53.x 1 128.252.32. 1 128.32.208.x 1 132.206.189.x 1 140.192.178.x 1 141.140.107.x 1 141.209.210.x 1 141.209.221.x 1 141.210.178.x 1 146.145.193.x 1 146.186.37.x 1 147.26.202.x 1 150.199.175.x 1 150.208.139.x 1 150.208.244.x 1 150.7.167.x 1 160.39.145.x 1 206.111.221.x 1 albany.edu 1 american.edu 1 avidi.no 1 Berkeley.EDU 1 calpoly.edu 1 cnc.net 1 creighton.edu 1 cvut.cz 1 emory.edu 1 ilstu.edu 1 imsa.edu 1 miami.edu 1 mu.edu 1 muohio.edu 1 ohio-state.edu 1 rmit.edu.au 1 telus.net 1 ucf.edu 1 UCLA.EDU 1 ucsd.edu 1 uiuc.edu 1 uky.edu 1 uncc.edu 1 unh.edu 1 unict.it 1 unl.edu 1 wm.edu 2 131.204.51.x 2 132.170.133.x 2 132.170.202.x 2 141.210.168.x 2 binghamton.edu 2 cornell.edu 2 criten.net 2 csupomona.edu 2 furman.edu 2 gatech.edu 2 gsu.edu 2 muskingum.edu 2 psu.edu 2 umich.edu 3 cmich.edu 3 sunysb.edu 3 umt.edu 3 wustl.edu 4 Stanford.EDU 4 ucdavis.edu 5 YSU.EDU 9 indiana.edu ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Apr 04 2002 - 11:03:13 PST