-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So here are some basic facts about the server that's distributing the purported botnet file:

* They're running Ubuntu 9.04 & nginx 1.1.19
* OpenSSH is set up on the server
* The SSL cert is a wildcard from GoDaddy, issued for *.xecu.net, created on 11 Feb 2013. (probably for the mail server at mail-in01.xecu.net)
* Ports 80, 22, & 25 are open. 53, 135, 139, & 445 are filtered but open
* Also hosted at this IP address is proaccvehicles.com, which may or may not be related to the site distributing malware.

Has anyone had a chance to actually tear into the tc.c1 file yet?

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJSKPaMAAoJEOMx/SmueSyXbCIP/3csiQbvLCweabRv/FDLq8R3
eY6bHsy8tM4qCS8PMF4eXCGWszg/n+Ie2xKRIGf7rhXAl1HkqtoEp2rCSXzqkTLT
IzPrITF4VI0NYNmOAbJnGPUO3NLM6axn3PvsHHU9ZCQHQwcdFA3D6PdmuuYNxad7
vugCsI6mQyONWiu7Od4YNG/z9cvCBN3Zfhq7eT5ajUO1/4lRHdTn+yd27S8HfrQN
uU2nCVOSKVfzCckWSefz88+BVka4G5YqU0wbv/BMWv3EHEBuO+VMIhi9ErNU9qiR
Pf+bykGrnPgxzpsX2PkBhVhDCROkEig2V9q06NSg4KSNXp1ONt14Z0QM7se4qm1P
H3tk3h5c678Yb+TAioRO8K+hDocgI6y94E5iCabVy1RjoAZsDFr6gFqD/6iczJpz
noElu/qbhrRq9m+DDWTYG4UmCMmJiLfTlg790tuafHgYj7uF2Ops4ImcgeAnBxxt
BOKxLv1IRN4oXQ7XHFTsUmqY1qBWqicIoFTUMLK4zsAH8+lkhG5GFTiFnF1V2wbf
7C/7oLB6ctbvWKgOd2T/Cu8ozbCLu2Hd9kpg2+RswbummD7F7UXbv7ALvJNg1sma
qPeiwnzYVOKtm9fbNiIcJugXVfkLQNBiMkdYW+LXf8iFNl+pV601L+TaRGvPfYUl
nVpyJC3fQQS4GkJE3ClM
=ntl+
-----END PGP SIGNATURE-----
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
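The poster infers that a wildcard certificate for *.xecu.net was probably meant for mail-in01.xecu.net. Whether a wildcard identifier actually covers a given hostname follows the matching rules in RFC 6125 section 6.4.3, and checking that is a routine certificate-hygiene step when triaging a host. The following is an added example, not code from the post or the tor-talk list: it implements those rules (wildcard only as the whole left-most label, matching exactly one label, never the bare domain) and applies them to the names the post mentions. The list `CERT_NAMES` is constructed from the single identifier the post reports.

```python
"""Check whether a hostname is covered by the names on a TLS certificate.

Implements the wildcard rules from RFC 6125 section 6.4.3 as a defender's
sanity check: a wildcard is honoured only as the whole left-most label,
it matches exactly one label, and it never matches the bare domain.
"""
from __future__ import annotations


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; drop a trailing dot (FQDN form).
    return name.strip().rstrip(".").lower()


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate identifier covers hostname."""
    pattern = _normalize(cert_name)
    host = _normalize(hostname)
    if not pattern or not host:
        return False
    if "*" not in pattern:
        return pattern == host
    labels = pattern.split(".")
    # Only a whole left-most label may be a wildcard ("*.xecu.net"),
    # never "ma*.xecu.net", "*.*.net" or a bare "*". A wildcard that
    # would cover an entire TLD such as "*.net" is rejected as too broad.
    if labels[0] != "*" or len(labels) < 3 or "*" in ".".join(labels[1:]):
        return False
    host_labels = host.split(".")
    # "*" stands for exactly one label: "*.xecu.net" does not cover
    # "xecu.net" (too few labels) or "a.b.xecu.net" (too many).
    if len(host_labels) != len(labels):
        return False
    return host_labels[1:] == labels[1:]


def hostname_covered(cert_names: list[str], hostname: str) -> str | None:
    """Return the certificate identifier that covers hostname, or None."""
    for name in cert_names:
        if name_matches(name, hostname):
            return name
    return None


# Constructed sample: the single wildcard identifier the post reports for
# the certificate, checked against hostnames the post mentions.
CERT_NAMES = ["*.xecu.net"]

if __name__ == "__main__":
    for host in ["mail-in01.xecu.net", "xecu.net", "proaccvehicles.com"]:
        print(f"{host}: covered by {hostname_covered(CERT_NAMES, host)!r}")
```

Run stand-alone, the script reports that mail-in01.xecu.net is covered by the wildcard while xecu.net and proaccvehicles.com are not, which is why a site on the same IP under a different domain would not be served correctly by that certificate. The matching is written by hand rather than relying on `ssl.match_hostname`, which the Python standard library has deprecated.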
