nanog mailing list archives
Re: Malicious DNS request?
From: Suresh Ramasubramanian <ops.lists () gmail com>
Date: Thu, 12 May 2005 15:09:00 +0530
On 5/12/05, Joe Shen <joe_hznm () yahoo com sg> wrote:
> By tcpdump, it's found a remote computer keeps asking address for record like 999d38e693b9e6293b450.0existence.com, 60d38e693b9e6293b450.0be6c1xfa.net. Is that a virus affected computer?
Sure looks like some kind of massmailer trojan, or an affiliate program based spam sending software like Atriks.

These two domains you quoted have rather interesting whois records, particularly 0existence.com ..

Domain Name.......... 0existence.com
Creation Date........ 2004-10-23
Registration Date.... 2004-10-23
Expiry Date.......... 2009-10-23
Organisation Name.... William Peter
Organisation Address. 52 THIRD AVENUE
Organisation Address.
Organisation Address. Woonsocket
Organisation Address. 02895
Organisation Address. RI
Organisation Address. UNITED STATES
Admin Name........... William Peter
Admin Address........ 52 THIRD AVENUE
Admin Address........
Admin Address........ Woonsocket
Admin Address........ 02895
Admin Address........ RI
Admin Address........ UNITED STATES
Admin Email.......... doi.looklikeafucktardtoyou () 0existence com
Admin Phone.......... +1.4067672231
Admin Fax............
Tech Name............ Existence Corporation
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... doi.looklikeafucktardtoyou () 0existence com
Tech Phone........... +1.6198813096
Tech Fax............. +1.6198813010

--
Suresh Ramasubramanian (ops.lists () gmail com)
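
Added example, not part of the original message or thread: one way to pick the kind of queries described above out of `tcpdump -n` text output, by flagging query names whose leftmost label is a long hexadecimal string and grouping them by source address. The two query names come from the post; the timestamps, addresses (documentation ranges), query IDs, the 16-character threshold and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches a tcpdump -n line for a DNS query sent to port 53, e.g.
# "15:09:00.1 IP 192.0.2.10.1027 > 198.51.100.53.53: 4660+ A? name. (55)"
QUERY_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.\d+ > \S+\.53: "
    r"\d+\S* (?:\[\S+\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

def is_hex_label(label, min_len=16):
    """True for a label of min_len+ hex characters mixing digits and a-f."""
    label = label.lower()
    return (len(label) >= min_len
            and re.fullmatch(r"[0-9a-f]+", label) is not None
            and re.search(r"[a-f]", label) is not None
            and re.search(r"[0-9]", label) is not None)

def flag_sources(lines, min_len=16):
    """Map each querying source IP to its sorted, distinct flagged names."""
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # responses and non-DNS traffic are ignored
        qname = m.group("qname").rstrip(".").lower()
        first_label = qname.split(".", 1)[0]
        if is_hex_label(first_label, min_len):
            hits[m.group("src")].add(qname)
    return {src: sorted(names) for src, names in hits.items()}

# Constructed capture lines; only the two query names are from the post.
SAMPLE = [
    "15:09:00.100000 IP 192.0.2.10.1027 > 198.51.100.53.53: 4660+ A? "
    "999d38e693b9e6293b450.0existence.com. (55)",
    "15:09:00.200000 IP 192.0.2.10.1027 > 198.51.100.53.53: 4661+ A? "
    "60d38e693b9e6293b450.0be6c1xfa.net. (52)",
    "15:09:01.000000 IP 192.0.2.77.1030 > 198.51.100.53.53: 4662+ MX? "
    "example.org. (29)",
    "15:09:01.500000 IP 198.51.100.53.53 > 192.0.2.10.1027: 4660 NXDomain 0/1/0 (110)",
]

if __name__ == "__main__":
    for src, names in flag_sources(SAMPLE).items():
        print(src, len(names), names)
```

Long hexadecimal labels also occur in some legitimate services, so a hit is a lead for inspecting the querying host rather than proof of infection.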