nanog mailing list archives

Trojan traffic from 115.100.250.112


From: Hadas Shany <hadas () tehila gov il>
Date: Mon, 8 Mar 2010 16:21:38 +0200

Hello NANOG,

Yesterday we found some strange requests in our logs, typical of the Daonol Trojan. According to the logs, the
infected computers are sending personal information such as search engine lookups and browsing history. The information
is sent to 115.100.250.112.
Example log entry: GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0..SS:
More information on Daonol Trojan: 
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol
We've blocked all communication with this address.

Thank you,
Hadas Shany
CERT.GOV ISRAEL

