Malware Domain List

Malware Related => Malicious Domains => Topic started by: Edgar Bangkok on January 30, 2009, 02:29:19 am

Title: Waledac IP now only USA
Post by: Edgar Bangkok on January 30, 2009, 02:29:19 am
Is about two days that the botnet Waledac seems to have changed  his behavior
If you run a whois of any domain waledac  now active is always displayed an IP from USA
In practice, now only in the U.S.  computers are part of botnets, and not in other nations
Also the tracker http://www.sudosecure.net/waledac/ffipscountries.php shows that only  pc in the States are now part of waledac when we know also others countries have pc into botnet.
Any idea about this strange behavior considering that the NS servers are instead distributed always to more countries ?????????????

Edgar  :)

some links my blog about this

http://edetools.blogspot.com/2009/01/waledac-botnet-aggiornamento-30-01.html

http://edetools.blogspot.com/2009/01/waledac-botnet-aggiornamento-su-strani.html

Title: Re: Waledac IP now only USA
Post by: Edgar Bangkok on January 31, 2009, 01:35:19 am
This morning (31 Jan 8:22 AM Bangkok time) it seems that the distribution of pages with the domain pointing to IP is not just the U.S., back on.

A cyclic whois domain is now showing waledac IP from different nations and not just the States

The tracker
http://www.sudosecure.net/waledac/ffipscountries.php
and also
http://www.sudosecure.net/waledac/ffips.php
seems to confirm this new phase of the botnet waledac
Also The number IPs discovered start to increasing

What happened in these 3 days is not clear for me
Perhaps a reorganization of botnets for more actions dim spam and phishing or . ?

Edgar :)