Servers distributing malware, beware




Posted by SaaSMX, 11-04-2010, 05:05 PM
Hi, As mentioned, we have this list of IPs distributing malware and/or using stolen FTP passwords. Most of these servers are at The Planet, some others at SoftLayer, and the rest at or provided by Limestone, OVH, Single Hop, Vortech, GNAX, Hetzner, Hostalia, etc. These IPs were gathered from October logs. Cheers

Posted by drspliff, 11-05-2010, 03:03 AM
Why not report to projecthoneypot?

Posted by MikeDVB, 11-05-2010, 05:20 AM
Can you be more specific or detailed than just a simple list of IPs?

Posted by SaaSMX, 11-05-2010, 03:21 PM
These servers are being used to establish FTP connections from stolen passwords (i.e. Gumblar virus) and inject code of the like: and some base64 as well. We got these IPs from the FTP access logs of an infected customer during October.
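
One way to pull such a list of source addresses out of FTP transfer logs, as an added example that is not part of the original post. It assumes the server writes the standard xferlog format (the post does not name the FTP daemon); the log lines, account names, addresses (documentation ranges) and the distinct-host threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in xferlog format (assumed log format, not from the thread).
SAMPLE_LOG = """\
Mon Oct  4 09:15:02 2010 2 192.0.2.10 48211 /home/cust1/public_html/gallery.zip b _ i r cust1 ftp 0 * c
Tue Oct 12 03:41:17 2010 1 198.51.100.23 5120 /home/cust1/public_html/index.php a _ o r cust1 ftp 0 * c
Tue Oct 12 03:41:19 2010 1 198.51.100.23 5388 /home/cust1/public_html/index.php a _ i r cust1 ftp 0 * c
Tue Oct 12 03:55:40 2010 1 203.0.113.77 2210 /home/cust1/public_html/js/menu.js a _ i r cust1 ftp 0 * c
Wed Oct 13 22:08:03 2010 1 198.51.100.140 7001 /home/cust1/public_html/about.html a _ i r cust1 ftp 0 * c
Thu Oct 14 10:02:55 2010 3 192.0.2.55 9100 /home/cust2/public_html/index.html a _ i r cust2 ftp 0 * c
"""

# File types a code-injecting client would rewrite (hypothetical selection).
WEB_EXT = re.compile(r"\.(php|html?|js|asp|tpl)$", re.I)

def parse_xferlog(line):
    """Parse one xferlog line; fields are taken from both ends so a
    filename containing spaces does not shift the trailing columns."""
    t = line.split()
    if len(t) < 18:  # 5 date tokens + 3 fields + filename + 9 trailing fields
        return None
    return {
        "host": t[6],
        "path": " ".join(t[8:-9]),
        "direction": t[-7],   # 'i' = upload to server, 'o' = download
        "user": t[-5],
        "status": t[-1],      # 'c' = complete, 'i' = incomplete
    }

def suspicious_uploaders(log_text, known_good=frozenset(), min_hosts=3):
    """Return {user: sorted hosts} for accounts whose web files were uploaded
    from at least min_hosts distinct addresses outside known_good."""
    hosts = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec is None or rec["direction"] != "i" or rec["status"] != "c":
            continue
        if WEB_EXT.search(rec["path"]) and rec["host"] not in known_good:
            hosts[rec["user"]].add(rec["host"])
    return {u: sorted(h) for u, h in hosts.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    for user, addrs in suspicious_uploaders(SAMPLE_LOG).items():
        print(user, addrs)
```

Passing the customer's own addresses as `known_good` keeps legitimate uploads out of the result.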

Posted by JefS, 11-06-2010, 07:31 PM
I'm not surprised in the least that Vortech is in that list, they've been blaming their hacked servers on their customers for over a year. http://forum.vortechhosting.com/show...highlight=hack http://forum.vortechhosting.com/show...highlight=hack


