Trojan traffic from 115.100.250.112

Hadas Shany hadas at tehila.gov.il
Mon Mar 8 14:21:38 UTC 2010


Hello NANOG,

Yesterday we found some strange requests in our logs, typical of the Daonol Trojan. According to the logs, the infected computers are sending personal information such as search engine lookups and browsing history. The information is sent to 115.100.250.112.
Example log entry: GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0..SS:
More information on Daonol Trojan: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol
We've blocked all communication with this address.

Thank you,
Hadas Shany
CERT.GOV ISRAEL
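
Added example, not part of the original post: a Python check that scans proxy logs for the request shape quoted above and lists the internal clients that made such requests, so they can be queued for cleanup. The log layout (`timestamp client-ip request-line`), the client addresses and every sample line are constructed; only the destination address, the `/x/?` path shape and the first query string come from the post.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from urllib.parse import urlsplit

# Destination and path shape taken from the log entry quoted in the post.
C2_HOST = ip_address("115.100.250.112")
C2_PATH = "/x/"

# Assumed proxy log layout (constructed): "<timestamp> <client-ip> <request line>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+HTTP/\d\.\d")

# Constructed sample input; tokens marked CONSTRUCTED are not real indicators.
SAMPLE_LOG = """\
2010-03-07T09:12:01Z 10.1.4.23 GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0
2010-03-07T09:12:44Z 10.1.4.23 GET http://www.example.com/x/?q=1 HTTP/1.1
2010-03-07T09:15:10Z 10.1.7.80 GET http://115.100.250.112:80/x/?CONSTRUCTEDTOKEN0001 HTTP/1.0
2010-03-07T09:20:31Z 10.1.4.23 GET http://115.100.250.112/x/?CONSTRUCTEDTOKEN0002 HTTP/1.0
2010-03-07T09:21:02Z 10.1.9.5 GET http://115.100.250.112/ HTTP/1.1
garbage line without a request
"""

def find_infected(lines):
    """Return {client_ip: {"beacon": n, "other": n, "first_seen": ts}}."""
    hits = defaultdict(lambda: {"beacon": 0, "other": 0, "first_seen": None})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line or not a proxied request
        try:
            parts = urlsplit(m["url"])
            dest = ip_address(parts.hostname or "")
        except ValueError:
            continue  # unparsable URL, or destination is a hostname
        if dest != C2_HOST:
            continue
        rec = hits[m["client"]]
        rec["first_seen"] = rec["first_seen"] or m["ts"]
        # The quoted entry has path /x/ and a non-empty opaque query string;
        # any other request to the address is counted separately.
        kind = "beacon" if parts.path == C2_PATH and parts.query else "other"
        rec[kind] += 1
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(find_infected(SAMPLE_LOG.splitlines()).items()):
        print(client, rec)
```

Matching on the parsed destination rather than a substring catches the `:80` variant and avoids flagging other hosts that happen to use an `/x/?` path.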


