Additional detail on the latest Java Exploit, including (one of) the IP address(es) of the C&C server(s)

Symantec has done a very good job of putting together a quick, easy-to-follow write-up on this latest Java vulnerability, including disclosing the IP of at least one of the C&C servers (below). For the impatient, the IP listed is 110.173.55.187. I did a quick whois on it (details below) and it’s part of the 110.173.48.0/12 network and is registered to CHINADEDICATED-HK (a Chinese company, big surprise there). At this time, unless you have a specific need to communicate with hosts in this network range, we are recommending users block all traffic to / from the entire netblock (I suspect that the C&C is not limited or will not stay limited to this single IP, but that may be me being paranoid).

Article -> http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

Whois info:
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
inetnum:        110.173.48.0 - 110.173.63.255
netname:        CHINADEDICATED-HK
descr:          Room B, 8/F Wing Cheung Ind Building
country:        HK
admin-c:        CDCn1-AP
tech-c:         CDCn1-AP
status:         ALLOCATED PORTABLE
remarks:        Used for service-hosting
mnt-by:         APNIC-HM
mnt-lower:      MAINT-CHINADEDICATED-HK
remarks:        -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks:        This object can only be updated by APNIC hostmasters.
remarks:        To update this object, please contact APNIC
remarks:        hostmasters and include your organisation’s account
remarks:        name in the subject line.
remarks:        -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed:        hm-changed@apnic.net 20090507
source:         APNIC
role:           CHINA DEDICATED COMPANY - network administrator
address:        Room B, 8/F, Wing Cheung Ind Building, No. 109, How Ming Street, Kwun Tong
country:        HK
phone:          +85268554675
e-mail:         admin@chinadedicated.com
admin-c:        CDCn1-AP
tech-c:         CDCn1-AP
nic-hdl:        CDCn1-AP
mnt-by:         MAINT-CHINADEDICATED-HK
changed:        hm-changed@apnic.net 20090507
source:         APNIC
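
Added example, not from the original post or the Symantec write-up: Python that turns the inetnum range in the whois record above into CIDR notation, confirms the C&C IP falls inside it, and renders block rules for the netblock. The iptables rule format and all function names are assumptions made for illustration; adapt the output to your own firewall.

```python
import ipaddress
import re

# inetnum line copied from the whois record above. The page shows an en dash
# between the two addresses; raw whois output uses a plain hyphen. Accept both.
WHOIS_TEXT = """\
inetnum:        110.173.48.0 – 110.173.63.255
netname:        CHINADEDICATED-HK
country:        HK
"""
C2_IP = "110.173.55.187"  # C&C address quoted in the post


def inetnum_to_cidrs(whois_text):
    """Return the smallest list of CIDR networks that covers the inetnum range."""
    m = re.search(r"^inetnum:\s*([\d.]+)\s*[-\u2013]\s*([\d.]+)\s*$", whois_text, re.M)
    if m is None:
        raise ValueError("no IPv4 inetnum range in whois text")
    first, last = (ipaddress.IPv4Address(a) for a in m.groups())
    if first > last:
        raise ValueError("inetnum range is reversed")
    return list(ipaddress.summarize_address_range(first, last))


def covering_network(ip, cidrs):
    """Return the network from cidrs that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in cidrs if addr in net), None)


def drop_rules(cidrs):
    """Render iptables commands that drop traffic from and to each network."""
    rules = []
    for net in cidrs:
        rules.append(f"iptables -A INPUT -s {net} -j DROP")
        rules.append(f"iptables -A OUTPUT -d {net} -j DROP")
    return rules


if __name__ == "__main__":
    cidrs = inetnum_to_cidrs(WHOIS_TEXT)
    net = covering_network(C2_IP, cidrs)
    print(f"{C2_IP} is inside {net} ({net.num_addresses} addresses)")
    # For comparison: the prefix length written in the post, normalised.
    wide = ipaddress.ip_network("110.173.48.0/12", strict=False)
    print(f"a /12 would be {wide} ({wide.num_addresses} addresses)")
    print("\n".join(drop_rules(cidrs)))
```

Review the printed rules before loading them, since the size of the blocked range depends entirely on the prefix length.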