Hello,
I recently discovered a machine that was infected with a version of the
DarkIRC bot (http://www.tlsecurity.net/backdoor/DarkIrc.html)and had been
participating in DDoS network. In an effort to save my self some time and
help inform all the others that are participating in the same botnet I
have listed the domains or class c address in which an infected computer
resides. If you are an admin of one of these networks please send me an
email from within the posted network and I will provide you with the
host(s).
Thanks,
-Blake
# Hosts Domain/Network
1 128.163.23.x
1 128.163.50.x
1 128.226.38.x
1 128.238.53.x
1 128.252.32.
1 128.32.208.x
1 132.206.189.x
1 140.192.178.x
1 141.140.107.x
1 141.209.210.x
1 141.209.221.x
1 141.210.178.x
1 146.145.193.x
1 146.186.37.x
1 147.26.202.x
1 150.199.175.x
1 150.208.139.x
1 150.208.244.x
1 150.7.167.x
1 160.39.145.x
1 206.111.221.x
1 albany.edu
1 american.edu
1 avidi.no
1 Berkeley.EDU
1 calpoly.edu
1 cnc.net
1 creighton.edu
1 cvut.cz
1 emory.edu
1 ilstu.edu
1 imsa.edu
1 miami.edu
1 mu.edu
1 muohio.edu
1 ohio-state.edu
1 rmit.edu.au
1 telus.net
1 ucf.edu
1 UCLA.EDU
1 ucsd.edu
1 uiuc.edu
1 uky.edu
1 uncc.edu
1 unh.edu
1 unict.it
1 unl.edu
1 wm.edu
2 131.204.51.x
2 132.170.133.x
2 132.170.202.x
2 141.210.168.x
2 binghamton.edu
2 cornell.edu
2 criten.net
2 csupomona.edu
2 furman.edu
2 gatech.edu
2 gsu.edu
2 muskingum.edu
2 psu.edu
2 umich.edu
3 cmich.edu
3 sunysb.edu
3 umt.edu
3 wustl.edu
4 Stanford.EDU
4 ucdavis.edu
5 YSU.EDU
9 indiana.edu
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Apr 04 2002
Intro
