Trojan traffic from 115.100.250.112
Hadas Shany
hadas at tehila.gov.il
Mon Mar 8 14:21:38 UTC 2010
Hello NANOG,
Yesterday we found some strange requests in our logs, typical of the Daonol Trojan. According to the logs, the infected computers are sending personal information such as search engine lookups and browsing history. The information is sent to 115.100.250.112.
Example log entry: GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0..SS:
More information on Daonol Trojan: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol
We've blocked all communication with this address.
Thank you,
Hadas Shany
CERT.GOV ISRAEL
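
A sweep of proxy logs for internal clients that requested the address reported above, as an added example that is not part of the original post. The log layout, client addresses and timestamps are constructed assumptions; only the destination address and the request token come from the message.

```python
import re
from collections import defaultdict

C2_HOST = "115.100.250.112"  # address reported in the post

# Assumed (constructed) log layout: <timestamp> <client_ip> "<request line>" <status>
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+'
    r'"[A-Z]+\s+(?P<url>\S+)\s+HTTP/\d\.\d"')
# Absolute-URI (proxy) request to exactly this host, not a look-alike hostname.
URL_RE = re.compile(
    r'^http://' + re.escape(C2_HOST) + r'(?::80)?(?P<path>/\S*)?$', re.I)
# Path shape of the log entry quoted in the post: /x/?<alphanumeric token>
SAMPLE_PATH_RE = re.compile(r'^/x/\?[0-9A-Za-z]+$')

def find_suspect_clients(lines):
    """Return {client_ip: stats} for clients that requested C2_HOST."""
    hits = defaultdict(lambda: {"requests": 0, "sample_shape": 0,
                                "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        u = URL_RE.match(m.group("url")) if m else None
        if not u:
            continue  # unparsable line or a different destination
        rec = hits[m.group("client")]
        rec["requests"] += 1
        if SAMPLE_PATH_RE.match(u.group("path") or ""):
            rec["sample_shape"] += 1
        ts = m.group("ts")  # ISO 8601 UTC strings sort chronologically
        rec["first"] = ts if rec["first"] is None else min(rec["first"], ts)
        rec["last"] = ts if rec["last"] is None else max(rec["last"], ts)
    return dict(hits)

# Constructed sample lines; only the destination and token come from the post.
SAMPLE_LOG = [
    '2010-03-07T09:12:01Z 10.0.0.21 "GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0" 200',
    '2010-03-07T09:15:44Z 10.0.0.21 "GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0" 200',
    '2010-03-07T09:16:02Z 10.0.0.35 "GET http://www.example.com/ HTTP/1.1" 200',
    '2010-03-07T10:01:10Z 10.0.0.48 "GET http://115.100.250.112/ HTTP/1.0" 403',
    '2010-03-07T10:02:00Z 10.0.0.35 "GET http://115.100.250.112.example.com/x/?abc HTTP/1.1" 200',
]

if __name__ == "__main__":
    for client, rec in sorted(find_suspect_clients(SAMPLE_LOG).items()):
        print(client, rec)
```

Clients with a non-zero `sample_shape` count made requests of the same form as the quoted log entry; clients with only other requests to the address still warrant a look.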