Friday, September 26, 2014

UPDATE: FTP Cracking Attacks now seen as a result of Bash vulnerability (Updated 2:45PM EST)

We are now starting to see many thousands of FTP brute force attacks and DDoS activity as a direct result of the Bash vulnerability. We have started getting reports of FTP server attacks and DDoS attacks. We are updating our list of block suggestions, which is available for direct download at www.slcsecurity.com in the "Lab" section of the website. The previously reported botnet has been taken offline. The C&C is no longer responding to inquiries from infected machines.

Also keep in mind that you will more than likely be scanned by shodan.io or one of their other domains. Here is a list of the domains that are owned by or associated with Shodan as of 2:15PM EST.



Additional IP Attackers:

Additional Attackers Noted
9/27/2014
173.44.37.242
119.136.161.189
116.236.216.116

