couttsj

Blackhole Exploit Kit


The Blackhole Exploit Kit is being distributed using the MAIL FROM: address <xxxxxx[at]aicpa.org> and the following IP addresses (spam Bot):

This exploit started this AM and is ongoing!

J.A. Coutts

I've received a couple hundred of these since early on the 21st -- many other IPA's showing as sources.

I've seen only two entries in my server's logs, both rejected with a 450, and not a peep from them since.
