[Dshield] new Agobot infection here?

Richard Roy Rich.Roy at justicetrax.com
Thu Mar 4 19:27:28 GMT 2004


According to DNSstuff.com and Arin.net it is some colocation company
hosting porn.  Most definitely a browser hijack by malware to get
traffic to the porn site.

www.ipiku.com. CNAME IN 38400 ipiku.com. ipiku.com. NS IN 38400
ns1.teen4ever.net. ipiku.com. NS IN 38400 ns2.teen4ever.net.
ns1.teen4ever.net. A IN 38400 63.246.157.25 ns2.teen4ever.net. A IN
38400 63.246.157.26 

Search results for: 63.246.157.26 


OrgName:    United Colocation Group, Inc.
OrgID:      UCG-14
Address:    200 Paul Ave., Suite 500
City:       San Francisco
StateProv:  CA
PostalCode: 94124
Country:    US

NetRange:   63.246.128.0 - 63.246.159.255
CIDR:       63.246.128.0/19
NetName:    ASN-UNCGI-EXC-02
NetHandle:  NET-63-246-128-0-1
Parent:     NET-63-0-0-0-0
NetType:    Direct Allocation
NameServer: NS1.UNITEDCOLO.NET
NameServer: NS2.UNITEDCOLO.NET
Comment:
RegDate:    2002-10-24
Updated:    2003-03-24

NOCHandle: INFO-ARIN
NOCName:   Info
NOCPhone:  +1-888-993-9339
NOCEmail:  info at unitedcolo.com

AbuseHandle: ABUSE185-ARIN
AbuseName:   Abuse
AbusePhone:  +1-888-993-9339
AbuseEmail:  abuse at unitedcolo.com

TechHandle: SYSAD4-ARIN
TechName:   Sysadmin-UCG
TechPhone:  +1-888-993-9339
TechEmail:  sysadmin at unitedcolo.com

OrgTechHandle: ZS203-ARIN
OrgTechName:   Sago Networks
OrgTechPhone:  +1-866-510-4000
OrgTechEmail:  ipadmin at sagonet.com

# ARIN WHOIS database, last updated 2004-03-03 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of Kenneth Coney
Sent: Thursday, March 04, 2004 12:03 PM
To: list at dshield.org
Subject: Re: [Dshield] new Agobot infection here?


Well the site is certainly infected with Trojan.ByteVerify.  Probably
other 
stuff too.  In any case  since it has photos of children performing sex 
acts it's owners need to be tracked down and publicly executed.


_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list