
Wednesday 29 May 2013

University of Illinois CS department compromised

There's a bunch of malware sites infesting University of Illinois CS department machines in the 128.174.240.0/24 range, mostly pointed out in this post. Compromised machines are tarrazu.cs.uiuc.edu, croft.cs.illinois.edu, tsvi-pc.cs.uiuc.edu, mirco.cs.uiuc.edu, ytu-laptop.cs.uiuc.edu, node3-3105.cs.uiuc.edu and they are on the following IPs with the following malicious domains (I would recommend blocking the whole /24):

Update: the University says that this was a single machine on the network which has now been cleaned up.
