group-gz.me (Andromeda http botnet hosted by Panamaserver.com)

Resolved group-gz.me to 190.123.47.198

Server:   group-gz.me
Gate file:   /.daci/perete.php
Plugins
Rootkit:  group-gz.me/.daci/r.pack
Socks:  group-gz.me/.daci/s.pack
Formgrabber:  group-gz.me/.daci/f.pack
  Gate file:  group-gz.me/.daci/fg.php

This guy is installing the recently posted survey winlocker on his bots.

Hosting infos: http://whois.domaintools.com/190.123.47.198