=====================================
Greetings,

The Australian Computer Emergency Response Team (www.auscert.org.au) has
received a report of a site logging personal information from Internet
users who are infected with malicious software that is hosted on your
network. This site is accessible from the following *potentially malicious*
URL:

http://78.24.219.*/zeus/.logs/

As at Wed Feb 25 2009 this URL resolved to an IP address of

78.24.219.*

for which you are listed as the abuse contact. We would greatly
appreciate your assistance in:

a. recovering any relevant files

b. cleaning or closing this site as appropriate.

If you are not the correct person to be dealing with this incident, could
you please forward this request to the appropiate person. Also, you are
free to pass this information on to other trusted parties (e.g. law
enforcement), as you see fit.

If you are already aware of this matter then we apologise for the
inconvenience. If possible, we would still appreciate a copy of any
files from the host or netflows relating to this incident.

Tracking code (AUSCERT#2009add98) has been assigned to this incident.
We will be monitoring this incident, and tracking its progress to
closure. Please use this incident code in the subject line of all
correspondence relating to this incident.

Everyone in CC field:

FYI.

Any feedback you can provide will be greatly appreciated. Thanks for your
consideration of this request.

- --
- -- Jonathan Levine --
Information Security Analyst | Hotline: +61 7 3365 4417
AusCERT, Australia's National CERT | Fax: +61 7 3365 7031
The University of Queensland | WWW: www.auscert.org.au
QLD 4072 Australia | Email: auscert@auscert.org.au