
Srizbi botnet flounders after McColo shutdown







http://www.techworld.com/security/news/index.cfm?newsID=107278 

By John E. Dunn
Techworld
18 November 2008

Large numbers of infected computers have been searching in vain for the 
Srizbi botnet disrupted by the disconnection of ISP McColo a week ago, a 
security vendor has found.

According to FireEye Security, the company has detected a total of 
450,000 compromised IP addresses that have been trying to connect to 
Srizbi-controlled command and control computers that would have been 
hosted by McColo until it disappeared.

The company identifies Srizbi by monitoring computers that attempt to 
connect to IP addresses 75.127.68.122 or 64.22.92.154 from November 12 
onwards, and recommends that admins check firewall logs to trace HTTP 
connections opened to these addresses.
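
The firewall-log check described above, as an added example that is not from the article or from FireEye. It assumes iptables LOG-style syslog lines (the sample is constructed), the year 2008 for the year-less syslog timestamps, and HTTP on TCP port 80; `find_srizbi_hosts` and `SAMPLE_LOG` are names made up for this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Destination addresses and start date as given in the article.
SRIZBI_C2 = {"75.127.68.122", "64.22.92.154"}
START = datetime(2008, 11, 12)

# Assumption: iptables LOG-style syslog lines (no year in the timestamp).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?"
    r"PROTO=TCP SPT=\d+ DPT=(?P<dpt>\d+)"
)

# Constructed sample input, not real traffic.
SAMPLE_LOG = """\
Nov 11 23:50:01 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=75.127.68.122 LEN=48 TTL=127 PROTO=TCP SPT=1039 DPT=80 SYN
Nov 13 02:14:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=75.127.68.122 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=80 SYN
Nov 13 02:19:07 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=64.22.92.154 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=80 SYN
Nov 13 09:00:00 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.41 DST=192.0.2.10 LEN=48 TTL=127 PROTO=TCP SPT=2211 DPT=80 SYN
Nov 14 11:30:12 fw kernel: IN=eth1 OUT=eth0 SRC=10.0.0.57 DST=64.22.92.154 LEN=48 TTL=127 PROTO=TCP SPT=3300 DPT=80 SYN
""".splitlines()

def find_srizbi_hosts(lines, year=2008, http_ports=(80,)):
    """Group matching connection attempts by source address.

    Returns {src_ip: {"count", "first", "last", "dsts"}} for TCP connections
    to the listed addresses on an HTTP port, dated on or after START.
    """
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "dsts": set()})
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dst"] not in SRIZBI_C2 or int(m["dpt"]) not in http_ports:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if ts < START:
            continue  # the article's indicator applies from November 12 onwards
        h = hits[m["src"]]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["dsts"].add(m["dst"])
    return dict(hits)

if __name__ == "__main__":
    for src, h in sorted(find_srizbi_hosts(SAMPLE_LOG).items()):
        print(src, h["count"], h["first"], h["last"], sorted(h["dsts"]))
```

Each source address returned is an internal host to pull for inspection; the first and last timestamps bound the period it was trying to reach the listed addresses.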

The majority of infected PCs will likely be poorly protected consumer 
PCs, but in principle a connection attempt can come from any PC, 
servers included. If infected PCs are located on a network, the company 
cautions that cleaning a system might not be straightforward.

[...]

