couttsj
Posted February 21, 2012

The Blackhole Exploit Kit is being distributed using the MAIL FROM: address <xxxxxx[at]aicpa.org> and the following IP addresses (spam Bot):

This exploit started this AM and is ongoing!

J.A. Coutts

craigt
Posted February 22, 2012

I've received a couple hundred of these since early on the 21st -- many other IPA's showing as sources.

lisati
Posted February 22, 2012

I've seen only two entries in my server's logs, both rejected with a 450, and not a peep from them since.