couttsj Posted February 21, 2012 Share Posted February 21, 2012 The Blackhole Exploit Kit is being distributed using the MAIL FROM: address <xxxxxx[at]aicpa.org> and the following IP addresses (spam Bot): 121.246.181.128: 121.246.181.128.static-chennai.vsnl.net.in 62.219.224.141: bzq-219-224-141.pop.bezeqint.net 31.47.193.4: Spider Systems, American Samoa 187.66.142.129: bb428e81.virtua.com.br 201.9.213.108: 201009213108.user.veloxzone.com.br 79.202.234.129: p4fcaea81.dip.t-dialin.net 189.102.7.9: bd660709.virtua.com.br 37.105.35.246: SAUDINET, Saudi Arabia 81.151.230.33: host81-151-230-33.range81-151.btcentralplus.com 89.116.206.17: 17.206.116.89.ip.lrtc.lt 109.158.83.223: host109-158-83-223.range109-158.btcentralplus.com 62.83.169.163: 62.83.169.163.dyn.user.ono.com 2.82.144.65: bl21-144-65.dsl.telepac.pt 189.54.207.139: bd36cf8b.virtua.com.br 188.78.126.103: 103.126.78.188.dynamic.jazztel.es 193.199.67.18: GGZYYYDCCCXVIII.gprs.sl-laajakaista.fi 92.86.83.210: ROMTelecom S.A., Romania 31.178.127.147: nat-zg5-19.aster.pl 94.84.151.234: host234-151-static.84-94-b.business.telecomitalia.it This exploit started this AM and is ongoing! J.A. Coutts Link to comment Share on other sites More sharing options...
craigt Posted February 22, 2012 Share Posted February 22, 2012 I've received a couple hundred of these since early on the 21st -- many other IPA's showing as sources. Link to comment Share on other sites More sharing options...
lisati Posted February 22, 2012 Share Posted February 22, 2012 I've seen only two entries in my server's logs, both rejected with a 450, and not a peep from them since. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.