drone armies C&C report - Jan/2005

Gadi Evron gadi at tehila.gov.il
Sun Jan 30 11:42:39 UTC 2005

Below is a periodic public report from the drone armies / botnets 
research and mitigation mailing list.
For this report it should be noted that we base our analysis on the data
we have accumulated from various sources.

According to our incomplete analysis of information we have thus far, we
now publish two reports.

The ISP's that are most often plagued with botnet C&C's (command &
control) are, by the order listed:
2. AS6517		YIPS Yipes Communications  Inc
3. AS21840		SAGONE Sago Networks
4. AS4766		KIXS-AS-KR Korea Telecom
5. AS5731		ATTW AT&T WorldNet Services
6. AS25761		STAMIN-2 Staminus Communicatio
7. AS30083		SERVE-6 Server4You Inc.

* We would gladly like to establish a trusted relationship with
   these and any organizations to help them in the future.

The Trojan horses most used in botnets:
1. Korgobot.
2. SpyBot.
3. Optix Pro.
4. rBot.
5. Other SpyBot variants and strains (AgoBot, PhatBot, actual SDbots,

Contact information:
Hank Nussbacher <hank at mail.iucc.ac.il>
Gadi Evron (as specified below)

Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.

gadi at tehila.gov.il
gadi at CERT.gov.il
Office: +972-2-5317890
Fax: +972-2-5317801

The opinions, views, facts or anything else expressed in this email 
message are not necessarily those of the Israeli Government.

More information about the NANOG mailing list