Latest research from Aladdin Content Security Response Team ties phishing to attack, as well as possible targeting of UK eBay accounts
http://money.cnn.com/news/newsfeeds/articles/prnewswire/AQTH16406092007-1.htm
Friday, September 7, 2007
Wednesday, September 5, 2007
Traceroutes
Traceroute 1 - Los Angeles
trace 166.66.64.33
Type escape sequence to abort.
Tracing the route to hamming.csdomain.millersville.edu (166.66.64.33)
1 g10-0-224.core01.lax01.atlas.cogentco.com (66.250.4.5) 0 msec 4 msec 0 msec (Cogent Communications)
2 t8-1.mpd01.lax01.atlas.cogentco.com (154.54.2.118) 0 msec 4 msec 4 msec
3 t3-2.mpd01.lax05.atlas.cogentco.com (154.54.6.190) 0 msec 0 msec 4 msec
4 bpr4-ge-6-1-0.losangelesequinix.savvis.net (208.174.196.105) 0 msec 4 msec 0 msec (Savvis)
5 cr2-pos-0-3-5-1-losangeles.savvis.net (208.174.196.70) 0 msec 4 msec 4 msec
6 dcr1-so-2-0-0.dallas.savvis.net (204.70.192.85) 36 msec 40 msec 36 msec
7 dcr1.ald-so-7-0-0.atlanta.savvis.net (204.70.194.58) 76 msec 80 msec 76 msec
8 cr2-pos-0-0-0-0.Washington.savvis.net (204.70.192.54) 80 msec 80 msec 76 msec
9 cr1-tengig-0-15-0-0.Washington.savvis.net (204.70.196.101) 80 msec 76 msec 76 msec
10 acr2-so-0-0-0.Philadelphiaphy.savvis.net (204.70.193.173) 76 msec 76 msec 80 msec
11 acr1-so-7-0-0.Philadelphiaphy.savvis.net (208.172.96.97) 76 msec 76 msec 76 msec
12 internap.Philadelphiaphy.savvis.net (208.172.19.170) 80 msec 80 msec 80 msec
13 border3.ge2-0-bbnet1.phi.pnap.net (216.52.64.7) 80 msec (Internap Network Services)
border6.ge3-0-bbnet2.phi.pnap.net (216.52.64.74) 80 msec 80 msec
14 compen-4.border3.phi.pnap.net (216.52.66.234) 84 msec
compen-3.border6.phi.pnap.net (216.52.66.42) 80 msec 80 msec
15 172.27.51.1 88 msec 84 msec 88 msec
16 fgt-external.net.millersville.edu (192.206.29.254) 84 msec 88 msec 84 msec
17 166.66.251.23 88 msec 84 msec 96 msec
18 hamming.csdomain.millersville.edu (166.66.64.33) 96 msec 88 msec 88 msec
Cities visited:
Los Angeles
Dallas
Atlanta
Washington
Philadelphia
Millersville
Number of Routers : 18
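Counting routers by eye gets harder in the later traces, where one hop answers from several addresses or not at all, and hop 15 of Traceroute 1 replies from an RFC 1918 address. The Python sketch below is an added example, not part of the original post: `parse_traceroute` and `review` are hypothetical names, and the sample reuses hops 13, 15 and 16 of Traceroute 1 and hop 19 of Traceroute 2, plus one constructed silent hop.

```python
import ipaddress
import re

# Constructed sample: lines from Traceroutes 1 and 2 on this page plus a made-up silent hop 20.
SAMPLE = """\
13 border3.ge2-0-bbnet1.phi.pnap.net (216.52.64.7) 80 msec (Internap Network Services)
border6.ge3-0-bbnet2.phi.pnap.net (216.52.64.74) 80 msec 80 msec
15 172.27.51.1 88 msec 84 msec 88 msec
16 fgt-external.net.millersville.edu (192.206.29.254) 84 msec 88 msec 84 msec
19 * 166.66.251.23 (166.66.251.23) 206.818 ms *
20 * * *
"""

HOP = re.compile(r"\s*(\d+)\s+(\S.*)")
TOKEN = re.compile(
    r"\((\d{1,3}(?:\.\d{1,3}){3})\)"                    # (ip) after a hostname
    r"|(?<![\w.-])(\d{1,3}(?:\.\d{1,3}){3})(?![\w.-])"  # bare ip (Cisco style)
    r"|(?<![\w.-])(\d+(?:\.\d+)?) ?(?:msec|ms)\b"       # round-trip time of one probe
    r"|(\*)"                                            # probe that got no reply
)

def parse_traceroute(text):
    """Return {hop: {"responders": {ip: [rtt_ms, ...]}, "timeouts": n}}."""
    hops, current = {}, None
    for line in text.splitlines():
        m = HOP.match(line)
        if m:  # a leading hop number opens a hop; other lines continue the last one
            current = hops.setdefault(int(m.group(1)), {"responders": {}, "timeouts": 0})
            line = m.group(2)
        if current is None:
            continue  # banner text before the first hop
        ip = None
        for paren_ip, bare_ip, rtt, star in TOKEN.findall(line):
            if paren_ip or bare_ip:
                ip = paren_ip or bare_ip
                current["responders"].setdefault(ip, [])
            elif rtt and ip:
                current["responders"][ip].append(float(rtt))
            elif star:
                current["timeouts"] += 1
    return hops

def review(hops):
    """Hops that answered from several routers, not at all, or from private space."""
    multipath = sorted(h for h, d in hops.items() if len(d["responders"]) > 1)
    silent = sorted(h for h, d in hops.items() if not d["responders"])
    private = sorted((h, ip) for h, d in hops.items() for ip in d["responders"]
                     if ipaddress.ip_address(ip).is_private)
    return {"multipath": multipath, "silent": silent, "private": private}
```

A silent hop followed by hops that do reply usually means that router filters or rate-limits its ICMP responses, not that packets are being lost there. A private responder address cannot be attributed to an operator by whois or reverse DNS.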
Traceroute 2 - Japan
nslookup:
Server: localhost.tumori.nu
Address: 127.0.0.1
Name: hamming.csdomain.millersville.edu
Address: 166.66.64.33
traceroute:
1 hirnia1.asahi-net.or.jp (211.120.67.2) 13.845 ms 14.320 ms 15.224 ms
2 hirnip-ge0.asahi-net.or.jp (211.120.67.30) 13.110 ms 12.716 ms 18.910 ms
3 tkybi3-v7.asahi-net.or.jp (202.224.38.1) 33.225 ms 34.026 ms 35.259 ms
4 tkyni3.asahi-net.or.jp (202.224.32.88) 32.323 ms 39.366 ms 38.302 ms
5 xe-1-2.a14.tokyjp01.jp.ra.gin.ntt.net (61.213.161.5) 29.323 ms 30.214 ms 32.257 ms
6 ae-3.r20.tokyjp01.jp.bb.gin.ntt.net (203.105.72.145) 36.032 ms 33.398 ms 50.624 ms
7 as-1.r20.sttlwa01.us.bb.gin.ntt.net (129.250.4.189) 140.069 ms
as-1.r20.snjsca04.us.bb.gin.ntt.net (129.250.2.34) 143.944 ms
as-1.r20.sttlwa01.us.bb.gin.ntt.net (129.250.4.189) 129.066 ms
8 xe-1-4.r02.snjsca04.us.bb.gin.ntt.net (129.250.2.29) 126.850 ms
xe-3-1.r00.sttlwa01.us.bb.gin.ntt.net (129.250.2.205) 238.072 ms
xe-1-4.r02.snjsca04.us.bb.gin.ntt.net (129.250.2.29) 134.084 ms
9 xe-0.sprint.sttlwa01.us.bb.gin.ntt.net (129.250.8.54) 153.465 ms 149.466 ms
sl-st22-sj-11-0-0.sprintlink.net (144.232.8.197) 133.020 ms
10 sl-bb25-chi-5-0.sprintlink.net (144.232.20.84) 182.194 ms
sl-crs1-sj-0-4-0-0.sprintlink.net (144.232.3.7) 143.923 ms 150.551 ms
11 sl-crs2-chi-0-1-0-1.sprintlink.net (144.232.8.168) 192.238 ms
sl-bb22-sj-15-0.sprintlink.net (144.232.3.6) 144.935 ms
sl-crs2-chi-0-1-0-1.sprintlink.net (144.232.8.168) 183.234 ms
12 sl-bb26-pen-12-0.sprintlink.net (144.232.20.162) 211.913 ms
sl-bb22-rly-8-0-0.sprintlink.net (144.232.8.126) 222.433 ms
sl-bb26-pen-12-0.sprintlink.net (144.232.20.162) 219.257 ms
13 sl-bb26-rly-12-0.sprintlink.net (144.232.14.174) 233.281 ms 217.722 ms
sl-st1-phi-1-1.sprintlink.net (144.232.16.107) 199.665 ms
14 sl-bb24-pen-12-0.sprintlink.net (144.232.20.110) 209.936 ms
208.35.161.30 (208.35.161.30) 191.954 ms 194.369 ms
15 sl-st1-phi-1-1.sprintlink.net (144.232.16.107) 218.807 ms
border3.ge3-0-bbnet2.phi.pnap.net (216.52.64.71) 188.212 ms
sl-st1-phi-1-1.sprintlink.net (144.232.16.107) 221.008 ms
16 208.35.161.30 (208.35.161.30) 206.105 ms
compen-4.border3.phi.pnap.net (216.52.66.234) 205.989 ms
208.35.161.30 (208.35.161.30) 201.997 ms
17 * * border3.ge3-0-bbnet2.phi.pnap.net (216.52.64.71) 207.512 ms
18 fgt-external.net.millersville.edu (192.206.29.254) 201.076 ms
compen-4.border3.phi.pnap.net (216.52.66.234) 207.754 ms
fgt-external.net.millersville.edu (192.206.29.254) 197.753 ms
19 * 166.66.251.23 (166.66.251.23) 206.818 ms *
20 fgt-external.net.millersville.edu (192.206.29.254) 206.453 ms
hamming.csdomain.millersville.edu (166.66.64.33) 199.426 ms
fgt-external.net.millersville.edu (192.206.29.254) 207.424 ms
Traceroute 3: Australia
traceroute to 166.66.64.33 (166.66.64.33), 30 hops max, 40 byte packets
1 vlan250.lon-service6.Melbourne.telstra.net (203.50.2.177) 0.34 ms 0.263 ms 0.258 ms
2 * * TenGigE0-12-0-2.win-core1.Melbourne.telstra.net (203.50.79.129) 14.631 ms
3 Bundle-Pos1.ken-core4.Sydney.telstra.net (203.50.6.21) 14.051 ms 13.852 ms 13.565 ms
4 * Port-Channel1.pad-gw2.Sydney.telstra.net (203.50.6.29) 13.086 ms 13.115 ms
5 10GigabitEthernet2-0.sydp-core02.Sydney.reach.com (203.50.13.50) 13.224 ms 13.298 ms 13.128 ms
6 i-13-0.wil-core02.net.reach.com (202.84.141.109) 166.222 ms 166.153 ms 166.195 ms
7 i-6-2.wil04.net.reach.com (202.84.251.186) 166.358 ms 166.419 ms 166.632 ms
8 ge-6-20.car3.LosAngeles1.Level3.net (4.68.111.133) 172.766 ms 172.738 ms 172.779 ms
9 ae-1-55.bbr1.LosAngeles1.Level3.net (4.68.102.129) 173.082 ms ae-1-51.bbr1.LosAngeles1.Level3.net (4.68.102.1) 166.593 ms ae-1-55.bbr1.LosAngeles1.Level3.net (4.68.102.129) 173.023 ms
10 so-3-0-0.mp2.Philadelphia1.Level3.net (64.159.0.142) 254.168 ms 232.319 ms 232.155 ms
11 so-11-0.hsa1.Philadelphia1.Level3.net (64.159.0.154) 238.461 ms so-10-0.hsa1.Philadelphia1.Level3.net (64.159.0.146) 238.405 ms so-11-0.hsa1.Philadelphia1.Level3.net (64.159.0.154) 238.595 ms
12 level3-16.internap.com (63.208.96.178) 238.362 ms 340.851 ms 424.926 ms
13 border3.ge3-0-bbnet2.phi.pnap.net (216.52.64.71) 232.386 ms 231.751 ms 232.45 ms
14 compen-4.border3.phi.pnap.net (216.52.66.234) 232.749 ms 235.093 ms 232.945 ms
15 * * *
16 fgt-external.net.millersville.edu (192.206.29.254) 238.63 ms 238.085 ms 237.047 ms
17 166.66.251.23 (166.66.251.23) 247.163 ms 250.448 ms 251.444 ms
18 hamming.csdomain.millersville.edu (166.66.64.33) 238.751 ms 239.178 ms 239.763 ms
Traceroute 4: United Kingdom
traceroute to 166.66.64.33 (166.66.64.33), 30 hops max, 40 byte packets
1 fe5-0-svc2.LON.router.COLT.NET (212.74.64.33) 0.762 ms 0.599 ms 0.526 ms
2 fe6-2-cr1.LON.router.COLT.NET (212.74.64.214) 0.907 ms 0.420 ms 0.375 ms
3 pos7-0-cr1.NYC.router.colt.net (212.74.74.29) 69.067 ms 68.932 ms 69.007 ms
4 ge-3-16.r02.nycmny01.us.bb.gin.ntt.net (129.250.10.181) 69.244 ms 69.289 ms 75.985 ms
5 xe-0-2-0.r20.nycmny01.us.bb.gin.ntt.net (129.250.2.186) 69.168 ms 70.518 ms 70.278 ms
6 p16-0.sprint.nycmny01.us.bb.gin.ntt.net (129.250.9.174) 69.326 ms 69.325 ms 81.468 ms
7 sl-bb26-pen-4-0-0.sprintlink.net (144.232.20.142) 76.444 ms 76.419 ms 75.928 ms
8 sl-st1-phi-1-1.sprintlink.net (144.232.16.107) 76.984 ms 76.477 ms 76.590 ms
9 208.35.161.30 (208.35.161.30) 73.614 ms 74.542 ms 73.600 ms
10 border3.ge3-0-bbnet2.phi.pnap.net (216.52.64.71) 73.703 ms 73.694 ms 73.440 ms
11 compen-4.border3.phi.pnap.net (216.52.66.234) 75.800 ms 75.263 ms 75.190 ms
12 * * *
13 fgt-external.net.millersville.edu (192.206.29.254) 80.009 ms 79.595 ms 81.444 ms
14 166.66.251.23 (166.66.251.23) 84.861 ms 80.981 ms 80.131 ms
15 hamming.csdomain.millersville.edu (166.66.64.33) 79.738 ms 80.161 ms 80.986 ms
Traceroute 5: Sweden
traceroute to 166.66.64.33 (166.66.64.33), 30 hops max, 40 byte packets
1 swiCP2-V138 (130.59.138.2) 0.447 ms 0.397 ms 0.428 ms
2 swiEL2-10GE-1-1 (130.59.36.9) 0.256 ms 0.224 ms 0.223 ms
3 swiCE3-10GE-1-3 (130.59.37.65) 1.220 ms 1.008 ms 1.006 ms
4 swiCE2-10GE-1-4 (130.59.36.209) 1.112 ms 1.080 ms 1.073 ms
5 switch.rt1.gen.ch.geant2.net (62.40.124.21) 1.064 ms 1.066 ms 1.067 ms
6 so-7-2-0.rt1.fra.de.geant2.net (62.40.112.22) 9.170 ms 9.185 ms 9.174 ms
7 abilene-wash-gw.rt1.fra.de.geant2.net (62.40.125.18) 107.570 ms 101.787 ms 101.709 ms
8 * 204.238.76.5 (204.238.76.5) 108.762 ms 107.019 ms
9 204.238.76.14 (204.238.76.14) 109.449 ms 108.342 ms 107.690 ms
10 * * *
11 fgt-external.net.millersville.edu (192.206.29.254) 115.585 ms 116.248 ms 114.711 ms
12 166.66.251.23 (166.66.251.23) 118.059 ms 119.070 ms 116.233 ms
13 hamming.csdomain.millersville.edu (166.66.64.33) 118.243 ms 123.082 ms 114.098 ms
Sunday, September 2, 2007
The Bank of India.com attack
A new form of web hacking has compromised The Bank of India's website. It goes unnoticed by many online security tools, such as Google's Safe Browsing extension for Firefox, Finjan, NetCraft and PhishTank SiteChecker, and even receives a clean bill of health from SiteAdvisor. Do not visit The Bank of India's website as I believe it is still compromised and will install various malware on your computer.
For information about how the hack was accomplished, click here.
A list of malware that gets installed by visiting the site can be found here.
BitTorrent Continues to Dominate Internet Traffic
A recent analysis of the latest P2P trends worldwide shows that BitTorrent is still the most popular filesharing protocol. BitTorrent traffic is still on the rise and is responsible for 50-75% of all P2P traffic and roughly 40% of all Internet traffic.
http://torrentfreak.com/bittorrent-dominates-internet-traffic-070901/