Resolved mikimouse.net to 46.182.107.35
Server: mikimouse.net (Alternate domains mikimouse.org mikispace.org)
Port: 1863
Server password: jobs
Channel: #jobs
Topic for #jobs is:
Topic for #jobs set by h at Sat Feb 23 19:28:30 2013
This is the same bot, port and spreading method as a previously posted botnet. However, that one had been sinkholed, so it appears the operators have started afresh. They are off to a poor start, using a Hackforums .NET crypter that breaks bot startup.
Hosting info: http://whois.domaintools.com/46.182.107.35
Chat with a guy who runs it
(11:52:02 PM) hidden: hey bro
(11:52:05 PM) hidden: r u there
(11:52:10 PM) Nraep: yup
(11:52:12 PM) hidden: can u do a favour for me
(11:52:19 PM) Nraep: what?
(11:52:34 PM) hidden: u put my botnet on honeypots
(11:52:47 PM) hidden: can u remove it
(11:52:47 PM) hidden: ?
(11:52:55 PM) Nraep: which one?
(11:53:08 PM) hidden: coz some fucking guys are joined there evry day and spaming mee
(11:53:20 PM) hidden: some bitchezz like aliss
(11:53:22 PM) hidden: lol
(11:53:23 PM) Nraep: lol
(11:53:27 PM) hidden: chanel #jobs
(11:53:40 PM) hidden: see there witch are with chanel #jobs remove
(11:54:20 PM) Nraep: This one? http://www.exposedbotnets.com/2013/02/mikimousenet-ngrbot-irc-botnet-hosted.html
(11:54:58 PM) hidden: yes
(11:54:59 PM) hidden: bro
(11:55:12 PM) hidden: coz i got to much of dnss there with these infos
(11:55:17 PM) Nraep: So wait, was this yours as well? http://www.exposedbotnets.com/2012/10/venustimeinfopl-ngrbot-irc-botnet.html
(11:55:32 PM) Nraep: same port, bot, etc
(11:55:41 PM) hidden: yes sure
(11:56:05 PM) Nraep: how many bots did you get on that one? you seemed to be spreading like mad
(11:56:15 PM) hidden: 12k
(11:56:31 PM) hidden: i dont spread in last few days
(11:56:34 PM) hidden: coz i dont have time
(11:56:38 PM) hidden: my partner does that
(11:56:46 PM) hidden: the problem is that no good cryptors
(11:56:58 PM) Nraep: yeah, I saw you using a .net one
(11:57:00 PM) hidden: i had with this bin and this method of spread more than 40k
(11:57:04 PM) hidden: but now im lower
(11:57:10 PM) hidden: fuckk
(11:57:46 PM) Nraep: must be getting detected
(11:58:06 PM) hidden: yeah
(11:58:13 PM) Nraep: so do you just do ppi on them?
(11:58:16 PM) hidden: so these are my infos of my bots
(11:58:35 PM) hidden: so pls dont post them if u can :P
(11:58:43 PM) hidden: nothing for now
(11:58:50 PM) hidden: i dont know any good ppi
(11:58:56 PM) hidden: all rippers and noone pays good
(12:00:28 AM) Nraep: it won't do much good to take it down now, everyone who spams you already has the address
(12:01:00 AM) hidden: yes but better to remove it lol
(12:01:14 AM) hidden: also when u see this again dont post me anymore :$
(12:01:24 AM) hidden: i did not saw pig to tell him
(12:01:33 AM) hidden: he will do it im 100000% pretty sure
(12:01:50 AM) Nraep: I'll let him know
(12:01:56 AM) hidden: ok tell him
(12:01:59 AM) hidden: xDrulZ
(12:02:07 AM) hidden: he knows me the albanian guy from skopje
(12:02:07 AM) hidden: ;)
(12:02:13 AM) Nraep: ok
(12:02:41 AM) hidden: ask him to remove post from there and ull get +1 answer
(12:03:13 AM) Nraep: I will
(12:03:21 AM) Nraep: he's not on right now though
(12:03:54 AM) hidden: i got him on msn .. but i think hes not online never
(12:04:06 AM) Nraep: he's usually on irc
(12:04:14 AM) hidden: nerdlife
(12:04:15 AM) hidden: :P