These domains form part of a large Kelihos botnet described over at Malware Must Die and which is related to the recent Boston Marathon and Texas Fertilizer Plant spam runs. There are probably thousands of IP addresses, but so far I have identified just 76 domains that seem to be active (there are a large number of subdomains). Monitoring for these may reveal Kelihos activity on your network.
Update: a list of associated IPs can be found here. There are too many to analyze, but the majority seem to be hacked PCs in Ukraine, Russia, Bulgaria and Poland.