Four Command & Control servers, all generated by the Domain Generation Algorithm previously discussed, were observed in the wild today
(Square brackets added to prevent malware detectors from freaking out...)
If you have network traffic headed to any of these destinations, that would be a Very Bad Thing.
Question of the Day: The C&Cs are certainly set up "Fast Flux Style" — they use a 300-second Time To Live, but have held the same IP hosts all day long. That's a change from the behavior observed July 10th by this botnet (shared here at http://it.slashdot.org/story/1... ). Theories on why are welcome . . .
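The two behaviours contrasted in the question, a low TTL with a stable address set versus a low TTL with rotating addresses, can be told apart from resolver or passive DNS logs. The Python below is an added example, not part of the original post; the record layout, the `.example` domains and the documentation-range IPs are constructed placeholders, and the 300-second threshold is the TTL the post reports.

```python
from collections import defaultdict

LOW_TTL = 300  # seconds; the TTL value reported in the post

# Constructed sample records: (epoch_seconds, domain, ttl, answer IPs).
OBSERVATIONS = [
    (0,     "aaa.example", 300, {"192.0.2.10", "192.0.2.11"}),
    (3600,  "aaa.example", 300, {"192.0.2.10", "192.0.2.11"}),
    (43200, "aaa.example", 300, {"192.0.2.11", "192.0.2.10"}),
    (0,     "bbb.example", 300, {"198.51.100.1", "198.51.100.2"}),
    (600,   "bbb.example", 300, {"198.51.100.3", "198.51.100.4"}),
    (1200,  "bbb.example", 300, {"203.0.113.5", "198.51.100.4"}),
    (0,     "ccc.example", 86400, {"203.0.113.80"}),
    (43200, "ccc.example", 86400, {"203.0.113.80"}),
    (0,     "ddd.example", 300, {"192.0.2.99"}),
]

def classify(observations, low_ttl=LOW_TTL):
    """Return {domain: (label, distinct_ip_count, answer_set_changes)}."""
    by_domain = defaultdict(list)
    for ts, domain, ttl, ips in observations:
        by_domain[domain].append((ts, ttl, frozenset(ips)))
    result = {}
    for domain, rows in by_domain.items():
        rows.sort(key=lambda r: r[0])  # order by observation time
        max_ttl = max(ttl for _, ttl, _ in rows)
        distinct = set().union(*(ips for _, _, ips in rows))
        # Count how often the answer set differs from the previous observation.
        changes = sum(1 for a, b in zip(rows, rows[1:]) if a[2] != b[2])
        if len(rows) < 2:
            label = "insufficient-data"   # one sample cannot show rotation
        elif max_ttl > low_ttl:
            label = "normal-ttl"
        elif changes == 0:
            label = "low-ttl-static"      # the behaviour described in the post
        else:
            label = "low-ttl-rotating"    # addresses change between lookups
        result[domain] = (label, len(distinct), changes)
    return result

if __name__ == "__main__":
    for domain, (label, n_ips, changes) in sorted(classify(OBSERVATIONS).items()):
        print(f"{domain:12} {label:18} ips={n_ips} changes={changes}")
```

A domain that stays in `low-ttl-static` across a full day of samples matches what the post observed; a later move to `low-ttl-rotating` would show the operators starting to use the short TTL.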