[Dshield] nsave.stabilt.se

aihomes at comcast.net aihomes at comcast.net
Thu Sep 27 23:27:08 GMT 2007


I've checked a handful of botnet listings including shadowserver.org, but none list the resolved IP of this host. 

TrendMicro posted a highly relevant write-up on the threat and I've seen it in action:

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_IRCBOT.NX&VSect=T

The network traffic pattern described is dead on - haven't perform a forensic yet to identify the variant, but will update the thread. Here is a report from DNS stuff who have the domain name cached:

http://www.dnsstuff.com/tools/ispdns.ch?name=nsave.stabilt.se&type=A&token=26108251b7d4a0f61b6311770b953019

Just wanted to inform the community. 

Regards,

Egan
Sent from my BlackBerry® wireless handheld



More information about the list mailing list