Thursday, September 25, 2014

BOTNET ACTIVITY: Related to Bash Vulnerability (UPDATED)

We are getting reports of various attacks. Look for this traffic: if you see traffic going to these two hosts, you are probably infected.

89.238.150.154 port 5
162.253.66.76 port 53

We will post additional information as we find out more. The first host appears to be offline now but it may be a good idea to check for outgoing connections on port 5 anyway.

Infected machines may try to connect to 185.31.209.84 on port 443, which is hosting an IRC server for C+C on channel.

UPDATE: As of 10:30AM EST all of the identified servers have been taken offline. We will continue to monitor this situation.
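
An added example (not part of the original post): a Python check that scans socket listings in the style of `ss -tn` or `netstat -tn` for the three host and port pairs named above, plus any other outgoing connection to port 5. The sample lines, local addresses and unrelated peers are constructed, and the post does not say whether the traffic is TCP or UDP.

```python
import ipaddress

# Indicators taken from the post above: (remote IP, remote port).
IOC_ENDPOINTS = {("89.238.150.154", 5), ("162.253.66.76", 53),
                 ("185.31.209.84", 443)}
SUSPICIOUS_PORT = 5  # the post suggests checking any outgoing port-5 traffic


def parse_endpoint(token):
    """Split 'addr:port' (IPv4, [IPv6]:port, IPv4-mapped IPv6); None if not one."""
    addr, sep, port = token.rpartition(":")
    if not sep or not port.isdigit():
        return None
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # ::ffff:a.b.c.d is the same host as a.b.c.d
    return str(ip), int(port)


def flag_connections(lines):
    """Return (reason, local, peer) for each line matching the post's indicators."""
    hits = []
    for line in lines:
        endpoints = [e for e in map(parse_endpoint, line.split()) if e]
        if len(endpoints) < 2:
            continue  # header or non-connection line
        local, peer = endpoints[0], endpoints[1]
        if peer in IOC_ENDPOINTS:
            hits.append(("known-host", local, peer))
        elif peer[1] == SUSPICIOUS_PORT:
            hits.append(("port-5", local, peer))
    return hits


# Constructed sample in ss/netstat style; local and unrelated peers are made up.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      10.0.0.5:44321      89.238.150.154:5
ESTAB  0      0      10.0.0.5:51515      203.0.113.10:443
tcp    0      0 10.0.0.5:40022 185.31.209.84:443 ESTABLISHED
tcp6   0      0 ::ffff:10.0.0.5:39001 ::ffff:162.253.66.76:53 ESTABLISHED
ESTAB  0      0      10.0.0.5:50505      198.51.100.7:5
""".splitlines()

if __name__ == "__main__":
    for reason, local, peer in flag_connections(SAMPLE):
        print(f"{reason}: {local[0]}:{local[1]} -> {peer[0]}:{peer[1]}")
```

A "port-5" hit is only a lead to investigate, since the post names port 5 as worth checking but ties it to a single host.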
