this happened again dec 9 – dec 15(not sure after) where bluescreens were involved but parts of the worm’s interceptions were being removed that allowed hidden parts to be seen.
this seems good, but at the same time, i got calls from everyone and my water delivery guy mentioned what strangers also said(all in montana) complained about parts of the worm that i got over 2 years ago when it started.

i wrote the situations in ot her logs(tired), but if im correct, then think of 1 botnet command and control pinging over 2000 per hour for years on end, and multiply what yall viewed by 02134809834039483094. if this happens, it will be worse. i hope im wrong. this may happen next febuary if it wasnt this febuary. the only way i know to detect if your machines are pinging is to buy a HUB(cradlepoint) is my favorite due to the clearity of logs), and view logs. youll notice that it alters its stradegy every other day. one day random ips, the next day will show the icmp packets and all sorts of things.

if you must know the source of the sites used, for me, the hacker(windstream client) aka windstream.net(pixel error), linked to a name jeff using a site linked with aloha.net used a link tracker througth monster.com that listed all the sites that will be in your list.

for me, it was apnic, rr.com, windstream(after he tried to alter to look like a victom), 2 military sites, at&t, mci/qwest/other phone companys, comcast, and lots and lots of others.

LastWatchdog: What exactly is Bredolab?

Olson: Bredolab is a Downloader Trojan. It’s primarily a gateway for other malware. The process occurs when an attacker installs a downloader Trojan to get a foothold on a system. Once the downloader is there, it contacts a command and control (C&C) server which tells it what additional malware it should download and install. This might be a banking Trojan like Zeus, a spam bot like Waledac, or maybe a Rogue anti-virus program. The key is, once a downloader is on the system. the attacker can install anything they choose! Most of the time, that is often multiple Trojans, not just one, which obviously leads to more issues.

LastWatchdog: I could not find anything about the Glacial Dracon banking trojan. Can you send me some info on that one? Is it widespread or obscure? Is it similar to Zbot/ZeuS? What’s distinctive about it?

Olson: As far as we can tell Glacial Dracon (GD) is not very widespread. The variants we’ve analyzed have primarily been targeting Spanish banks. It doesn’t really do anything special compared to other banking Trojans. GD steals POST requests and is capable of HTML injection, but that’s getting to be pretty standard. We’ve seen some C&C servers that both a GD Trojan and a ZeuS Trojan will report to, indicating that some attackers use both Trojans at once, or at least try them both out.

Zues on the other hand, is still chugging along today utilizing now 57 domains on which they host their malware. We have seen rates on some of these domains jump up to 1600/minute, on average across all domains. We are seeing roughly 50,000 of these messages every minute with over 7 million total piled up in our filters.