The most hated IP address of 2005 ?
Time for a little hall of shame. Is there any IP address range or individual IP address that was annoying the daylight out of you in 2005? An address where you tried and tried to contact the ISP to have a malware, botnet controller, exploit page removed, but to no avail? Where exploits kept coming back again and again ? Let us know, and we might share your story. For starters, here is mine:
Most Hated Netblock:195.225.176.x - 195.225.177.x (AS31159)
Provider: Netcathost, Kiev, Ukraine
Reason for claim to fame: Hosting exploits, browser hijackers and CoolWebSearch related annoyances since several months. Ignoring, bouncing, or rejecting any complaints to the abuse contacts.
Update: beehappyy.biz is being implicated in the currently ongoing WMF 0-day exploit mania. And guess what beehappyy.biz resolves to ? 195.225.176.38 - my favorite netblock again. Null-Routing, anyone?
Most Hated Netblock:195.225.176.x - 195.225.177.x (AS31159)
Provider: Netcathost, Kiev, Ukraine
Reason for claim to fame: Hosting exploits, browser hijackers and CoolWebSearch related annoyances since several months. Ignoring, bouncing, or rejecting any complaints to the abuse contacts.
Update: beehappyy.biz is being implicated in the currently ongoing WMF 0-day exploit mania. And guess what beehappyy.biz resolves to ? 195.225.176.38 - my favorite netblock again. Null-Routing, anyone?
Keywords:
0 comment(s)
Searching money, finding exploit
Every now and then, when using completely benign search terms in Google and others, the results that come out on top range from "not nice" to "outright hostile". We've received a report from a user who was looking for "money", and what he got presented with was a link to hxxp://hyipgoldinvest.com (dont click). The site is booby-trapped with an exploit variant of MS05-054 that is not yet detected by AV. Conclusion: Careful what you click on. An URL returned by a search engine is not necessarily more trustworthy than one that you receive in a spam message that offers "che ap replcia wathces".
Keywords:
0 comment(s)
Possible IM attack gearing up.
We have received a few emails today advising us that users are receiving popups while on IM. These emails try to convince you to click on a link that is purported to be MyPictures. It apparently attempts to install a version of SDBot.
Remember - Don't click on links in IM - ever. A dog is not a dog in IM. And Aunt Sally probably is not really Aunt Sally.
Remember - Don't click on links in IM - ever. A dog is not a dog in IM. And Aunt Sally probably is not really Aunt Sally.
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 
Comments