Comments on NOC4HOSTS and the Grum BotnetTypePad2008-12-06T00:28:21ZFireEyehttp://blog.fireeye.com/research/tag:typepad.com,2003:http://blog.fireeye.com/research/2008/12/noc4host-and-the-grum-botnet/comments/atom.xml/kai commented on 'NOC4HOSTS and the Grum Botnet'tag:typepad.com,2003:6a00d835018afd53ef01116866ad5f970c2009-02-16T01:16:28Z2009-02-16T19:23:10Zkaithis is another of their scam sites with a search I did http://www.nowtorrents.com/torrents/this+is+a+scam+site+.html hosted by NOC4HOSTS you may find the...<p>this is another of their scam sites with a search I did <a href="http://www.nowtorrents.com/torrents/this+is+a+scam+site+.html" rel="nofollow">http://www.nowtorrents.com/torrents/this+is+a+scam+site+.html</a> hosted by NOC4HOSTS you may find the search results interesting! There should be an easier way to shut these sort of sites and companies down</p>Andrew commented on 'NOC4HOSTS and the Grum Botnet'tag:typepad.com,2003:6a00d835018afd53ef01053657ab68970b2008-12-12T21:17:25Z2008-12-12T21:17:25ZAndrewThere's a cutwail C&C also running in HI velocity @ 69.46.20.65. The traffic is to port 2065 and looks like...<p>There's a cutwail C&C also running in HI velocity @ 69.46.20.65. The traffic is to port 2065 and looks like obfuscated traffic. The only discernible text in the stream is "L.....9ifnospam.0.exe_url..exe_url........"</p>
<p>The other portion of the cutwail C&C is in SoftLayer, also in the US. I posted some of the details on my blog: <a href="http://realsecurity.wordpress.com/" rel="nofollow">http://realsecurity.wordpress.com/</a></p>Martin commented on 'NOC4HOSTS and the Grum Botnet'tag:typepad.com,2003:6a00d835018afd53ef0105364a51f1970b2008-12-09T09:28:13Z2008-12-09T09:28:13ZMartinHivelocity response team is actually decently responsive, they null routed all mentionned IPs yesterday.<p>Hivelocity response team is actually decently responsive, they null routed all mentionned IPs yesterday.</p>Skudd commented on 'NOC4HOSTS and the Grum Botnet'tag:typepad.com,2003:6a00d835018afd53ef0105364a2bef970c2008-12-07T00:06:27Z2008-12-07T00:06:27ZSkuddhttp://www.skudd.com/Out of curiosity, do you folks report this sort of thing to the DC's abuse team? Where I work (an...<p>Out of curiosity, do you folks report this sort of thing to the DC's abuse team? Where I work (an unnamed leader in the hosting industry), our abuse team takes this sort of thing _very_ seriously. If the NOC won't do anything about it, hand the packet logs over to the upstream provider(s) along with copies of the messages submitted to the DC.</p>