F-Secure blogged about a new Trojan for Mac’s IOSX http://www.f-secure.com/weblog/archives/00002206.html
While the whois information points to the British Virgin Islands a traceroute gave me a very different answer. Tracing route to 91.224.160.26 over a maximum of 30 hops |
donald 206 Posts Aug 5th 2011 |
Thread locked Subscribe |
Aug 5th 2011 1 decade ago |
I'm sure I've heard of this network before. Like maybe I've seen some sort of abuse out of that IP range recently. I remember being confused by the WHOIS data. 'Little Denmark' street, a P.O. Box the British Virgin Isles, but registered in the RIPE (Europe) NIC with 'country: NL' where it seems to get its IP transit from a Swedish company. And yet their top-level domain WHOIS gives anonymous Pakistani registration details and mentions another address in Belgrade.
Good old robtex offers a list of domains hosted in this IP block. Many are .ru, and I'd advise caution about visiting any of them: * http://www.robtex.com/cnet/91.224.160.html * http://www.robtex.com/cnet/91.224.161.html And I've just noticed the SNORT Emerging Threats ruleset identifies many of these IPs as Russian Business Network. Be worried if you see traffic on your network going to/from these IPs. |
Anonymous |
Quote |
Aug 6th 2011 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!