Author Topic: Waledac IP now only USA  (Read 2850 times)

0 Members and 1 Guest are viewing this topic.

January 30, 2009, 02:29:19 am
Read 2850 times

Edgar Bangkok

  • Special Members
  • Full Member

  • Offline
  • *

  • 61
    • Edgar Internet Tools
Is about two days that the botnet Waledac seems to have changed  his behavior
If you run a whois of any domain waledac  now active is always displayed an IP from USA
In practice, now only in the U.S.  computers are part of botnets, and not in other nations
Also the tracker http://www.sudosecure.net/waledac/ffipscountries.php shows that only  pc in the States are now part of waledac when we know also others countries have pc into botnet.
Any idea about this strange behavior considering that the NS servers are instead distributed always to more countries ?????????????

Edgar  :)

some links my blog about this

http://edetools.blogspot.com/2009/01/waledac-botnet-aggiornamento-30-01.html

http://edetools.blogspot.com/2009/01/waledac-botnet-aggiornamento-su-strani.html


January 31, 2009, 01:35:19 am
Reply #1

Edgar Bangkok

  • Special Members
  • Full Member

  • Offline
  • *

  • 61
    • Edgar Internet Tools
This morning (31 Jan 8:22 AM Bangkok time) it seems that the distribution of pages with the domain pointing to IP is not just the U.S., back on.

A cyclic whois domain is now showing waledac IP from different nations and not just the States

The tracker
http://www.sudosecure.net/waledac/ffipscountries.php
and also
http://www.sudosecure.net/waledac/ffips.php
seems to confirm this new phase of the botnet waledac
Also The number IPs discovered start to increasing

What happened in these 3 days is not clear for me
Perhaps a reorganization of botnets for more actions dim spam and phishing or . ?

Edgar :)