Wednesday, January 22, 2014

The small but unknown botnet

I've been monitoring a botnet for a few weeks now but haven't been able to figure out what its name is or really any info on it. It's sort of an interesting bot that is used for sending spam. It seems it only sends out links to websites that either have more malware to download or are Canadian pharmacy websites. The stuff it sends is obvious spam and the volume is pretty low.

Some of the domains I've seen:
annett.in.ua
antonella.in.ua
antje.in.ua
yany.kr.ua

The server at 95.163.107.201 seems to be a monitor making sure the system is still up and working. The information exchanged is just a varying string of encryption and decimal numbers. The server at 217.12.199.48 has the meat and potatoes. It sends out lists of email addresses and spam templates to the minions.
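An added example (not from the original post): a small log triage script built on the addresses and domains listed above. The log format, the role labels and the rule that a client reaching both servers is a likely bot are assumptions made for illustration.

```python
from collections import defaultdict

# Indicators from the post. Role labels paraphrase its description.
C2_ROLES = {
    "95.163.107.201": "monitor",  # appears to check that the bot is still up
    "217.12.199.48": "tasking",   # sends address lists and spam templates
}
SEEN_DOMAINS = {"annett.in.ua", "antonella.in.ua", "antje.in.ua", "yany.kr.ua"}

# Constructed sample log; assumed format: "<time> <client> conn|dns <value>".
SAMPLE_LOG = """\
2014-01-20T10:00:01 10.0.0.5 conn 95.163.107.201
2014-01-20T10:00:07 10.0.0.5 conn 217.12.199.48
2014-01-20T10:02:11 10.0.0.9 dns WWW.Antje.in.ua.
2014-01-20T10:03:30 10.0.0.7 conn 192.0.2.10
2014-01-20T10:04:02 10.0.0.9 conn 95.163.107.201
malformed line
2014-01-20T10:05:00 10.0.0.7 dns notantje.in.ua
"""

def match_domain(name):
    """Return the listed domain that `name` equals or is a subdomain of."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in SEEN_DOMAINS:
            return candidate
    return None

def scan(log_text):
    """Map each client to the set of indicator hits found in its log lines."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        _, client, kind, value = parts
        if kind == "conn" and value in C2_ROLES:
            hits[client].add(C2_ROLES[value])
        elif kind == "dns" and (domain := match_domain(value)):
            hits[client].add("domain:" + domain)
    return dict(hits)

def triage(hits):
    """Assumed rule: a client that reached both servers is a likely bot."""
    return {c: "likely bot" if {"monitor", "tasking"} <= h else "review"
            for c, h in hits.items()}

if __name__ == "__main__":
    print(triage(scan(SAMPLE_LOG)))
```

Matching on whole labels keeps a name such as `notantje.in.ua` from being flagged just because it ends with a listed string.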
