aaaaaaa.taybasoft.com(botnet hosted in China Beijing Ninbo Lanzhong Network Ltd)

Remote Host Port Number
112.78.112.208 80
218.85.133.201 80
89.114.9.42 80
89.114.9.60 80
123.183.217.32 1110
61.158.145.4 6939 PASS laorosr
aaaaaaa.taybasoft.com TCP port 6939

PRIVMSG #d2 :Err0r..
PRIVMSG #d2 :Done..
MODE [N00_USA_XP_2208150]
@ -ix

# the data identified by the following URLs was then requested from the remote web server:

* http://www.nippon.to/cgi-bin/prxjdg.cgi
* http://www.cooleasy.com/cgi-bin/prxjdg.cgi
* http://two.natnatraoi.com/ms.exe
* http://two.natnatraoi.com/dq.exe
* http://two.natnatraoi.com/serv8.exe
* http://suhi4hr.net/xxudv.exe

infos about hosting:
http://whois.domaintools.com/60.190.223.125

Categories: Uncategorized