newGOZ Spams Again - GameOver Zeus spam observed in the wild

Submitted by GarWarner
GarWarner (1676334) writes "Brendan Griffin over at Malcovery has posted a new story documenting two spam campaigns seen in the wild today that use the newGOZ Command & Control infrastructure. The first spam used the subject line "Subject: Fw: Credit Applicaiton" (sic) while the second campaign of the day used the subject line "Subject: Haun Welding Invoice". (Haun Welding is a real company in Syracuse, NY, obviously not associated with the malware.)

Four Command & Control servers, all generated by the Domain Generation Algorithm previously discussed, were observed in the wild today .. all resolving to the same IP addresses.

hmeyx8mxqrxe1uwcn5w1win68w[.]net
szaj031k3ha447pniqr1003qx6[.]org
1stze0f1u7of3z18wu4in5prafy[.]net
dwgu4j8n210w18spq9rsz0uzj[.]biz
178.211.41[.]246
211.108.69[.]117
4.30.111[.]88

(Square brackets added to prevent malware detectors from freaking out...)

If you have network traffic headed to any of these destinations, that would be a Very Bad Thing.

Question of the Day: The C&C's are certainly set up "Fast Flux Style" — they use a 300 second Time To Live, but have held the same IP hosts all day long. That's a change from the behavior observed July 10th by this botnet (shared here as http://it.slashdot.org/story/1... ). Theories on why are welcome . . ."
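
One way to check resolver logs for the destinations listed above and to test the "300 second TTL but same hosts all day" observation, as an added example that is not part of the original submission. The log format, the sample lines, the thresholds and the names `ioc_hits` and `flux_profile` are assumptions; the indicators are refanged only in memory for matching.

```python
from collections import defaultdict

# Indicators as written in the post (defanged); refanged in memory for matching only.
DEFANGED = [
    "hmeyx8mxqrxe1uwcn5w1win68w[.]net", "szaj031k3ha447pniqr1003qx6[.]org",
    "1stze0f1u7of3z18wu4in5prafy[.]net", "dwgu4j8n210w18spq9rsz0uzj[.]biz",
    "178.211.41[.]246", "211.108.69[.]117", "4.30.111[.]88",
]
IOCS = {i.replace("[.]", ".").lower() for i in DEFANGED}

# Constructed sample resolver log, assumed format: "<epoch> <qname> <ttl> <A record>"
SAMPLE_LOG = """\
1405500000 hmeyx8mxqrxe1uwcn5w1win68w.net. 300 178.211.41.246
1405500400 hmeyx8mxqrxe1uwcn5w1win68w.net. 300 211.108.69.117
1405500800 hmeyx8mxqrxe1uwcn5w1win68w.net. 300 4.30.111.88
1405540000 HMEYX8MXQRXE1UWCN5W1WIN68W.NET 300 178.211.41.246
1405540100 intranet.example.test. 3600 192.0.2.10
1405540200 rotating.example.test. 300 198.51.100.1
1405543800 rotating.example.test. 300 198.51.100.77
1405547400 rotating.example.test. 300 203.0.113.9
1405551000 rotating.example.test. 300 203.0.113.200
"""

def parse(log):
    """Yield (ts, qname, ttl, ip); qname is lower-cased with the root dot removed."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not (parts[0].isdigit() and parts[2].isdigit()):
            continue  # skip malformed lines instead of failing the whole run
        yield int(parts[0]), parts[1].rstrip(".").lower(), int(parts[2]), parts[3]

def ioc_hits(log):
    """Sorted (qname, ip) pairs where the name or the answer is a listed indicator."""
    return sorted({(q, ip) for _, q, _, ip in parse(log) if q in IOCS or ip in IOCS})

def flux_profile(log, low_ttl=300, baseline=3600):
    """Label each name by TTL and by whether new IPs appear after `baseline` seconds."""
    first, ttl_min, early, late = {}, {}, defaultdict(set), defaultdict(set)
    for ts, q, ttl, ip in sorted(parse(log)):
        first.setdefault(q, ts)
        ttl_min[q] = min(ttl, ttl_min.get(q, ttl))
        (early if ts - first[q] <= baseline else late)[q].add(ip)
    return {q: "normal-ttl" if ttl_min[q] > low_ttl
            else "low-ttl-rotating" if late[q] - early[q] else "low-ttl-stable"
            for q in first}

if __name__ == "__main__":
    print(ioc_hits(SAMPLE_LOG), flux_profile(SAMPLE_LOG), sep="\n")
```

A name labelled `low-ttl-stable` matches the behaviour described in the question: a short TTL with no new addresses appearing after the first hour of observations.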
