The Latest in IT Security

Some TDL/TDSS rootkit sites to block


The following IPs are related to the TDL/TDSS rootkit. / appears to be a C&C server. is a Romanian host called Eurolan Solutions SRL; I’ve had this blocked for months with no ill effects. is Petersburg Internet Network Ltd in Russia; the whole /16 is sparsely populated and blocking that would probably do no harm. is Latvian host RN Data SIA; given that Latvian hosts are such a sewer, blocking the /22 is probably also a good idea.

As for (OTEL, Bulgaria), there appear to be a few malware servers in mixed with several legitimate sites., and also appear to be malicious. Blocking should filter out the bad sites without blocking good ones.
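Whether to block a whole range or only individual hosts can be checked against your own outbound logs before the rule goes live. The following is an added example, not part of the original post: the addresses are constructed from RFC 5737 documentation ranges, and the function names and log layout are assumptions.

```python
import ipaddress

# Constructed sample data; RFC 5737 documentation ranges stand in for real hosts.
KNOWN_BAD = {"198.51.100.10", "203.0.113.5", "203.0.113.9"}
CANDIDATES = ["198.51.100.37/24", "203.0.113.0/24", "203.0.113.0/28"]
# Constructed outbound log: (internal client, destination IP).
PROXY_LOG = [
    ("10.0.0.4", "198.51.100.10"),
    ("10.0.0.9", "203.0.113.5"),
    ("10.0.0.9", "203.0.113.9"),
    ("10.0.0.7", "203.0.113.200"),  # destination not on the bad list
    ("10.0.0.7", "203.0.113.200"),
    ("10.0.0.4", "192.0.2.80"),     # outside every candidate
    ("10.0.0.5", "not-an-ip"),      # malformed entry, skipped
]


def block_impact(candidates, known_bad, log):
    """Map each candidate CIDR to the bad and other destinations the log shows inside it."""
    bad = {ipaddress.ip_address(b) for b in known_bad}
    # strict=False normalises entries written with host bits set (x.x.x.37/24).
    nets = {ipaddress.ip_network(c, strict=False): {"bad": set(), "other": set(), "clients": set()}
            for c in candidates}
    for client, dest in log:
        try:
            ip = ipaddress.ip_address(dest)
        except ValueError:
            continue  # ignore unparseable log fields
        for net, hits in nets.items():
            if ip in net:
                hits["bad" if ip in bad else "other"].add(str(ip))
                if ip in bad:
                    hits["clients"].add(client)  # internal hosts worth a closer look
    return {str(net): hits for net, hits in nets.items()}


def clean_blocks(report):
    """Candidates that contain observed bad hosts and no other observed destinations."""
    return sorted(n for n, h in report.items() if h["bad"] and not h["other"])


if __name__ == "__main__":
    rep = block_impact(CANDIDATES, KNOWN_BAD, PROXY_LOG)
    for net, hits in rep.items():
        print(net, {k: sorted(v) for k, v in hits.items()})
    print("no observed collateral:", clean_blocks(rep))
```

A range with no other observed destinations only shows that your users have not visited anything else there during the logged period, so use a log window long enough to be representative.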

The following domains are associated with these IPs; if you can’t block by IP, then blocking these might be a good idea.



MONDAY, JUNE 25, 2018


