IRC Botnet Host
Malware: vnc.exe
MD5: 0x962B127F456B05956DE254B0C68A767F
IP: 72.10.160.166 / Host: ha3.ha2.ha1.us
Location: CA, Canada
NICK [00|USA|XP|SP2]-4374
USER yebse 0 0 :[00|USA|XP|SP2]-4374
JOIN #vnc
USERHOST [00|USA|XP|SP2]-4374
MODE [00|USA|XP|SP2]-4374 +x
Now talking in #vnc
Topic On: [ #vnc ] [ Scanner VNC: ONline Link: http://www.fandefutebol.com.br/torcedores/vnc.exe ]
Topic By: [ Nogrod ]
Modes On: [ #vnc ]
FastAntivirus2011 fake AV
This is another fake AV sample, used to infect people by asking them to download this antivirus, which is fake. Sample was discovered by John.
Download link: http://www.multiupload.com/IGCWAUGNJR
Serial number: 2233-298080-3424 (credits to xylitol for cracking it)
Loader example by Xylitol: http://pastebin.com/qCxepgrp
216.120.248.193 (PhobiiA, hf hecker, using Elation bot hosted in United States, Clifton Park, Dotblock.com)
Here is the Elation bot from PhobiiA, big hecker: https://pastee.org/65fqw
IRC infos: 216.120.248.193:6667
PhobiiA uses a modded RoxNet UnrealIRCd; he's a big hecker.
Hosting infos: http://whois.domaintools.com/216.120.248.193
nkford.dlankford.com (IRC botnet hosted in United States, Los Angeles, Coreexpress)
Remote Host / Port Number: 64.69.44.51 4042
NICK new[USA|XP|COMPUTERNAME]kuffavh
USER hh "" "lol" :hh
JOIN #biznew#
PONG 422
Hosting infos: http://whois.domaintools.com/64.69.44.51
111.90.148.204 (IRC botnet hosted in Malaysia, Johor Bahru, Piradius Net)
Remote Host / Port Number: 111.90.148.204 4042
PASS google_cache2.tmp
NICK n[USA|XP]430406
USER 4304 "" "TsGh" :4304
JOIN #cash# abc
PONG 422
PONG :irc.priv8net7.com
Hosting infos: http://whois.domaintools.com/111.90.148.204
Trojan-Downloader.Win32.Banload (malware hosted in India, Delhi, Lala_madhoram_bhagwan_dass_chritable_society)
DNS Queries:
envc.machcar.kr DNS_TYPE_A 222.24.94.15
vhosts.packmanbd.com DNS_TYPE_A 222.24.94.19 222.24.94.19
HTTP Conversations:
222.24.94.15:80 [envc.machcar.kr] Request: POST /envc.php Response: 200 "OK"
222.24.94.19:80 [vhosts.packmanbd.com] Request: GET /manual/vhosts.txt Response: 200 "OK"
URL used to infect people: http://pedofilia.warbe.org/id/noticias/g1.globo.com/pedofilia/2011/0-19384pastor-e-filmado-fazendo-sexo-oral-com-adolescente.php?0.82545
Direct download: http://pedofilia.warbe.org/id/noticias/g1.globo.com/pedofilia/2011/videos-pedofilia-1039-pastor-fazendo-sexo-oral-com-adolescente-AVI.exe
Hosting infos: http://whois.domaintools.com/122.160.131.225
ssh.mytijn.org (IRC botnet hosted in India, Bangalore, O/o Dgm Bb Noc Bsnl Bangalore)
Remote Host / Port Number: ssh.mytijn.org 8782
PASS weed
NICK {iNF-00-USA-XP-COMP-1493}
USER blaze * 0 :COMP
NICK {00-USA-XP-COMP-6216}
Hosting infos: http://whois.domaintools.com/117.211.84.155
area.myarena.ru (Destination Darkness Outcast System & Optima)
HTTP malware from Russia used to DDoS
Admin Panel: http://area.myarena.ru/ex/adm/auth.php
DNS Queries:
area.myarena.ru DNS_TYPE_A 62.122.213.10
http://palmary73.net DNS_TYPE_A
HTTP Conversations:
62.122.213.10:80 [area.myarena.ru]
Request: GET /ex/?uid=035409&ver=9aXPA Response: 200 "OK"
Request: GET /ex/adm/?uid=035409&ver=9aXPA Response: 302 "Found"
Request: GET /ex/adm/auth.php Response: 200 "OK"
Request: GET /ex/adm/index.php?uid=035409&ver=9aXPA Response: 302 "Found"
Request: GET /ex/adm/auth.php Response: 200 "OK"
Exe
178.211.58.11 (IRC botnet hosted in Turkey, Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)
Remote Host / Port Number: 178.211.58.11 2525
NICK {ORG-XP-USA}756551
USER 7565 "" "TsGh" :7565
JOIN ##Kuzen bla
PONG :irc.clupversai.com
Now talking in ##Kuzen
Topic On: [ ##Kuzen ] [ ]
Topic By: [ OrgeneraL ]
Hosting infos: http://whois.domaintools.com/178.211.58.11
safetysamvps.info (IRC botnet hosted in United States, Nashville, Psychz Networks)
safetysamvps.info:6667
Resolved: [safetysamvps.info] To [216.24.203.254]
EXE FILE: http://fanaras.gr/up/catroot.exe
If someone finds more info about this botnet, post it here.
Hosting infos: http://whois.domaintools.com/216.24.203.254