Wednesday, June 22, 2011

TDSS - SRVs list

I just found, via Pastebin, a list of domains related to TDSS. According to this analysis, the SRVs are the C&C servers from which bots receive commands. What seems a bit strange is that the content of the paste above matches the syntax used in the rootkit's configuration file. Anyway, it is possible to count 2514 entries (or config files?). I simply sorted the reported domains, with the following result:

Another interesting Google dork is "wsrv:=http://", which turns up another Pastebin link with a list of WSRV domains. The WSRVs are the handlers for the results of the search provider activity on affected systems.
