Operation Ghost Click

Kyle Creyts kyle.creyts at gmail.com
Thu Apr 26 23:58:59 UTC 2012


Thanks, Andrew. I was out and about, and couldn't remember the prefixes
off-hand. They should have been in that PDF, iirc
On Apr 26, 2012 6:01 PM, "Andrew Latham" <lathama at gmail.com> wrote:

> On Thu, Apr 26, 2012 at 5:57 PM, Kyle Creyts <kyle.creyts at gmail.com>
> wrote:
> >
> http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
> >
> > On Apr 26, 2012 5:48 PM, "Leigh Porter" <leigh.porter at ukbroadband.com>
> > wrote:
> >>
> >>
> >> On 26 Apr 2012, at 22:47, "Andrew Latham"
> >> <lathama at gmail.com<mailto:lathama at gmail.com>> wrote:
> >>
> >>
> >> On Thu, Apr 26, 2012 at 5:38 PM, Jeroen van Aart
> >> <jeroen at mompl.net<mailto:jeroen at mompl.net>> wrote:
> >>
> >> Yes its a major problem for the users unknowingly infected.  To them
> >> it will look like their Internet connection is down.  Expect ISPs to
> >> field lots of support s
> >>
> >> Is there a list of these temporary servers so I can see what customers
> are
> >> using them (indicating infection) and head off a support call with some
> >> contact?
> >>
> >> --
> >> Leigh
>
> 85.255.112.0 through 85.255.127.255
> 67.210.0.0 through 67.210.15.255
> 93.188.160.0 through 93.188.167.255
> 77.67.83.0 through 77.67.83.255
> 213.109.64.0 through 213.109.79.255
> 64.28.176.0 through 64.28.191.255
>
> --
> ~ Andrew "lathama" Latham lathama at gmail.com http://lathama.net ~
>
>



More information about the NANOG mailing list