We are getting reports of various attacks. Look for this traffic. Chances are, if you see traffic going to these two hosts, you are probably infected.
89.238.150.154 port 5
162.253.66.76 port 53
We will post additional information as we find out more. The first host appears to be offline now but it may be a good idea to check for outgoing connections on port 5 anyway.
Infected machines may try to connect to 185.31.209.84 on port 443, which is hosting an IRC server for C+C on channel.
UPDATE: As of 10:30AM EST all of the identified servers have been taken offline. We will continue to monitor this situation.
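One way to look for this traffic in gateway logs that were already collected, as an added example that is not part of the original post. It assumes the logs come from an outbound rule in iptables LOG format (`SRC=`, `DST=`, `DPT=` fields); the sample lines and internal addresses are constructed.

```python
import re
from collections import defaultdict

# Host/port pairs listed in the post.
INDICATORS = {
    ("89.238.150.154", 5),
    ("162.253.66.76", 53),
    ("185.31.209.84", 443),
}
LISTED_HOSTS = {ip for ip, _ in INDICATORS}
SUSPECT_PORTS = {5}  # the post suggests checking any outgoing port 5 traffic
FIELD = re.compile(r"\b(SRC|DST|DPT)=(\S+)")

def scan(lines):
    """Return {source_ip: sorted [(dst, dport, reason)]} for matching log lines."""
    hits = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if not {"SRC", "DST", "DPT"} <= set(f) or not f["DPT"].isdigit():
            continue  # no destination port (e.g. ICMP) or not a packet record
        dst, dport = f["DST"], int(f["DPT"])
        if (dst, dport) in INDICATORS:
            hits[f["SRC"]].add((dst, dport, "listed host and port"))
        elif dst in LISTED_HOSTS:
            hits[f["SRC"]].add((dst, dport, "listed host, other port"))
        elif dport in SUSPECT_PORTS:
            hits[f["SRC"]].add((dst, dport, "outgoing port 5"))
    return {src: sorted(found) for src, found in hits.items()}

# Constructed sample lines (assumed iptables LOG format, made-up internal hosts).
SAMPLE = [
    "Jan 12 09:14:02 gw kernel: OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=162.253.66.76 PROTO=UDP SPT=51514 DPT=53",
    "Jan 12 09:14:09 gw kernel: OUT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=185.31.209.84 PROTO=TCP SPT=49822 DPT=443",
    "Jan 12 09:15:31 gw kernel: OUT IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=5",
    "Jan 12 09:16:00 gw kernel: OUT IN=eth1 OUT=eth0 SRC=10.0.0.50 DST=198.51.100.7 PROTO=TCP SPT=55001 DPT=443",
    "Jan 12 09:16:05 gw kernel: OUT IN=eth1 OUT=eth0 SRC=10.0.0.50 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0",
    "Jan 12 09:17:44 gw kernel: OUT IN=eth1 OUT=eth0 SRC=10.0.0.77 DST=89.238.150.154 PROTO=TCP SPT=41000 DPT=80",
]

if __name__ == "__main__":
    for src, found in scan(SAMPLE).items():
        for dst, dport, reason in found:
            print(f"{src} -> {dst}:{dport}  ({reason})")
```

Because the listed servers may be offline, running this over stored logs from before the takedown is what identifies which internal hosts need follow-up.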