A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #7426  by Flamef
 Tue Jul 19, 2011 11:13 pm
kmd wrote: Dr.Web company yet again attempts to advertise itself with the help of Ntldrbot (aka Rustock.C)
this company has no relation to the Rustock botnet shutdown, just as Rustock.C has no relation to the terminated Newrest.
good PR :lol:

http://news.drweb.com/show/?i=1583&lng=ru&c=14

eng variant is not published yet, it likely will be "moderated"

You are partially right. When rumors started among black & white hat cliques about someone who had made a completely undetected rootkit, DR.WEB WAS THE FIRST company which discovered/detected this rootkit. So, I'd say they deserve something more than 20% of the big success :D.
 #8710  by rkhunter
 Fri Sep 23, 2011 1:31 pm
Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI

As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the take down of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again.

https://blogs.technet.com/b/microsoft_b ... o-fbi.aspx

Official document (list of domains and ISP) http://noticeofpleadings.com/images/201 ... r-pt_1.pdf
 #8785  by rkhunter
 Tue Sep 27, 2011 9:16 pm
ISPs that hosted C&C:

FDCservers.NET, LLC, Chicago IL
Wholesale Internet Datacenter, LLC, Kansas City
BurstNET Technologies, Inc., Scranton
Ecommerce, Inc, Columbus
Softlayer Technologies, Dallas
VPLS Inc. d/b/a Krypt Technologies, Santa Ana
DCS Pacific Star, LLC, Los Altos
Atjeu Publishing LLC/Atjeu Hosting LLC, Phoenix
Reliable Hosting Services, LLP, Brunswick
Hivelocity/Noc4Hosts Inc., Tampa