Month: January 2013

irc.anzima.eu (Insomnia irc botnet hosted by limestonenetworks.com)

Resolved irc.anzima.eu to 208.115.240.120

This server requires SSL and requires you to accept invalid/self-generated certificates to connect.

Server: irc.anzima.eu
Port: 7007
Server password: unocomein
Channel: #I

#I               38      [+sntu]

Oper:
[anz] (anzima@I.B.ROOT): Anzii
[anz] ~#I
[anz] irc.anzima.eu :Net
[anz] is a Network Administrator
[anz] is available for help.
[anz] is using a Secure Connection
[anz] idle ...

sixdollarads.com (SpyEye hosted in United States Dallas Theplanet.com Internet Services Inc.)

Resolved: [sixdollarads.com] to [174.132.190.220]

SpyEye Panel: http://sixdollarads.com/vc/cp/maincp/

Bins:
hxxp://sixdollarads.com/vc/cp/maincp/bin/0.1.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/1.0.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/config.bin
hxxp://sixdollarads.com/vc/cp/maincp/bin/sys.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/upload/sys.exe
hxxp://sixdollarads.com/vc/cp/maincp/bin/upload/Photo345.jpg.scr

Hosting infos: http://whois.domaintools.com/174.132.190.220

updates211.zapto.org (Pony hosted in United States Port Richey Private Customer – Verizon Internet Services Inc.)

Pony Gate: updates211.zapto.org/pony/gate.php
Pony Admin: http://updates211.zapto.org/pony/admin.php
Setup file is inside: http://updates211.zapto.org/pony/setup.php
Here you can see Pony files and folders: http://updates211.zapto.org/pony/
Pony sample: hxxp://updates211.zapto.org/update211.exe

Hosting infos: http://whois.domaintools.com/96.254.171.6

d1d4f5s.no-ip.org (ngrbot irc botnet hosted by Zap-Hosting.com)

Resolved d1d4f5s.no-ip.org to 109.230.238.65

Server: d1d4f5s.no-ip.org
Port: 6669
Channel: #ngr

* Topic for #ngr is: –!msn.int # !msn.set that’s pretty cool hxxp://canbolugiray.com/yenisite/
* Topic for #ngr set by null at Thu Jan 03 14:31:19 2013

MSN spread message is a java “driveby”: http://urlquery.net/report.php?id=596405

I don’t think these guys quite get how ngrbot works.

alex: !pdef on
alex: ...

irc.unixon.net (PHP and perl botnets hosted by Poland Kalisz Static Ip)

Resolved irc.unixon.net to 211.60.155.5, 69.46.16.67, 76.74.236.70, 95.48.19.74, 88.208.211.135, 79.188.136.138, 83.17.0.148

PHP bot
Server: irc.unixon.net
Port: 7100
Channel: #dor
Channel password: dor

#dor             171     [+p]

Bot code: http://pastebin.com/ZGa0MLAq

Perl bot
Server: irc.unixon.net
Port: 7100
Channel: #bot

#bot             101     [+smnt]

Bot code: http://pastebin.com/scyHzVcS

apoctechnology.com (Andromeda http botnet hosted by Seychelles Victoria Business Dialogue Ltd)

Resolved apoctechnology.com to 91.217.178.32

I think this is the same guy from here. What is it with him and having his nick in the domain?

Server: apoctechnology.com
Gate file: /Grind/Boom/Lancer/Panel/image.php

He’s trying out a survey winlocker annoyance program. It’s a really shitty one though. See it in action: http://malwr.com/analysis/4ceff448b85855dbb824a1098cdeea39/

Hosting infos: http://whois.domaintools.com/91.217.178.32