Additional detail on the latest Java Exploit, including (one of) the IP address(es) of the C&C server(s)
Symantec has put together a quick, easy-to-follow write-up on this latest Java vulnerability that also discloses the IP of at least one of the C&C servers (linked below). For the impatient, the IP listed is 110.173.55.187. I did a quick whois on it (details below): it is part of the 110.173.48.0/12 network and is registered to CHINADEDICATED-HK (a Chinese company, big surprise there). At this time, unless you have a specific need to communicate with hosts in this network range, we are recommending that users block all traffic to and from the entire netblock (I suspect the C&C is not limited, or will not stay limited, to this single IP, but that may be me being paranoid).

Article -> http://www.symantec.com/connect/blogs/latest-java-zero-day-shares-connections-bit9-security-incident

Whois info:

% Whois data copyright terms…
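Before pushing a block rule for the netblock, it is worth checking exactly what range the quoted prefix denotes and sweeping existing connection logs for traffic to or from it. The script below is an added example (not code from the article or from Symantec); it uses only the two values quoted above, the C&C address and the netblock string, and the log lines it scans are constructed for the example in an assumed `src=... dst=...` key/value format, not a real log schema. One thing it makes visible: written as a /12, the prefix covers far more than the 110.173.48.0 range the address itself sits in, so the rule you deploy should be reviewed against the whois output before it goes live.

```python
import ipaddress
from typing import Iterable, List

# Values taken from the write-up above: the reported C&C address and the
# netblock as the whois lookup was quoted.
CC_IP = "110.173.55.187"
REPORTED_NETBLOCK = "110.173.48.0/12"


def normalize_netblock(cidr: str) -> ipaddress.IPv4Network:
    """Return the network a CIDR string actually denotes.

    A prefix such as 110.173.48.0/12 has host bits set below the /12 mask;
    strict=False zeroes them so we see the range a /12 firewall rule would
    really cover instead of raising on the notation.
    """
    return ipaddress.ip_network(cidr, strict=False)


def in_netblock(ip: str, net: ipaddress.IPv4Network) -> bool:
    """True if the address falls inside the (normalized) network."""
    return ipaddress.ip_address(ip) in net


def scan_connections(lines: Iterable[str], net: ipaddress.IPv4Network) -> List[str]:
    """Return the log lines whose src or dst address falls inside net.

    Assumed line format (constructed for this example, not a real schema):
    '<timestamp> src=<ip> dst=<ip> dport=<port> action=<verdict>'
    """
    hits = []
    for line in lines:
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        for key in ("src", "dst"):
            addr = fields.get(key)
            if addr and in_netblock(addr, net):
                hits.append(line)
                break
    return hits


# Constructed sample firewall log lines, not data from the article.
SAMPLE_LOG = [
    "2013-03-01T10:00:01 src=192.168.1.20 dst=110.173.55.187 dport=80 action=allow",
    "2013-03-01T10:00:02 src=192.168.1.21 dst=93.184.216.34 dport=443 action=allow",
    "2013-03-01T10:00:03 src=110.160.7.9 dst=192.168.1.22 dport=22 action=allow",
    "2013-03-01T10:00:04 src=192.168.1.23 dst=110.176.0.1 dport=80 action=allow",
]

if __name__ == "__main__":
    net = normalize_netblock(REPORTED_NETBLOCK)
    print(f"{REPORTED_NETBLOCK} normalizes to {net} ({net.num_addresses} addresses)")
    print("C&C address inside range:", in_netblock(CC_IP, net))
    for hit in scan_connections(SAMPLE_LOG, net):
        print("FLAG:", hit)
```

Run against your own logs, replace `SAMPLE_LOG` with the real lines (adjusting the field parsing to your format) and treat every flagged line as a host to look at for the Java component the write-up describes. The third and fourth sample lines show the practical point: a /12 rule catches 110.160.7.9, which is nowhere near the quoted 110.173.48.0 range, while 110.176.0.1 just past the /12 boundary is not caught at all.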