Determining if internet host part of botnet

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Aug 24, 2011 11:59 am

Determining if internet host part of botnet

So I have been seeing a few instances of SEP IPS blocking outgoing Blackhole Toolkit traffic out to 12.238.253.103, which resolves to wwb.hollandandbarrett.com. Anyone know of ways to confirm if this host has been compromised and may be receiving feeds from other bots?

Thanks for any assistance.
Certs: GCWN
(@)Dewser
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Aug 31, 2011 2:04 pm

Re: Determining if internet host part of botnet

Packet capture / review?
The day you stop learning is the day you start becoming obsolete.
Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Sep 01, 2011 8:19 am

Re: Determining if internet host part of botnet

Sadly I do not have access to the tools to give me packet captures :-(. I don't even think those that do have the access actually are capturing packets. I did send an email to the webmaster of the supposedly valid site but did not get a response. The traffic to the site has since stopped; I imagine the powers-that-be put the IP and site in the RBL. I'm sure there will be more systems like this in the future.
Certs: GCWN
(@)Dewser
