Author: I_Post_Ur_Info

bootcamp4wealth.com (Ice 9 banking malware hosted by wiredtree.com)

Resolved bootcamp4wealth.com to 173.199.181.60

Server: bootcamp4wealth.com
Gate file: bootcamp4wealth.com/wp-directory/images/config/adm/gate.php
Config file: bootcamp4wealth.com/wp-directory/images/config/config/index.php
Login page: bootcamp4wealth.com/wp-directory/images/config/adm/index.php?m=login

Anyone infected with this is safe for now, as the owner hasn’t figured out that the bot and config dropper need the same key for it to work.

Hosting info: http://whois.domaintools.com/173.199.181.60

qwer.be (YZF ddos botnet hosted by metrabyte.co.th)

Resolved qwer.be to 119.59.99.200

Server: qwer.be
Gate file: /1234567/cmd.php

Information for building HTTP requests is stored in /1234567/sys/ as text files renamed to pngs.

http://qwer.be/1234567/sys/UserAgent.png
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
...

x.n-0-r-1.org (ngr irc botnet hosted by Russian Federation Saint Petersburg Selectel Ltd.)

This botnet has lots of domains, none of which are resolving at the moment.

x.n-0-r-1.org
x.n0r1.org
x.n2rx.asia
x.n1rx.asia
x.n0r2.asia
x.n0r1.asia
x.dload.ws
x.xd11.in

You can still connect to the server using its IP address, though.

Server: 31.186.102.189
Port: 80
Server password: 666666
Channel: ##CBC-x01##

* Topic for ##CBC-x01## is: !m on !mod usbi on !NAZEL...

f0010.info (ngr irc botnet hosted by perfectip.net)

Resolved f0010.info to 64.56.64.29, 64.56.64.26

Server: f0010.info
Port: 1887
Server password: leonis
Channel: #pool
Channel password: leonis

* Topic for #pool is: ~pu hxxp://www.sendspace.com/pro/dl/ishh04 1f88bb85c51290b759d16dda9fff692d ~s -o ~s
* Topic for #pool set by google at Mon Dec 17 12:16:33 2012

Bots also join the channel for their country, e.g. #US, and operating system, ...

bid.consulting-info.eu (Click fraud botnet hosted by quadranet.com)

Resolved bid.consulting-info.eu to s1.fclick.org (cname)
Resolved s1.fclick.org to 96.44.149.187

Server: bid.consulting-info.eu
Gate file: /feed/xml.php?uid=219

More click fraud courtesy of French hecker h4r3. This time it looks a bit more sophisticated, though. I’m assuming this is an affiliate program, as while it’s using h4r3’s domain it points to another site. If you search for ...

74.208.111.48 (HEX reptile mod hosted by 1and1.com)

ALiSs has found a new net.

Server: 74.208.111.48
Port: 1866
Channel: #!h!

* Topic for #!h! is: .load /99/106/112/81/55/59/40/105/121/99/108/102/45/111/98/115/102/103/110/97/108/101/120/8/64/119/114/53/122/126/122/126/117/113/100/83/46/112/124/64/40/46/102/126/105/
* Topic for #!h! set by wweras at Fri Dec 14 20:55:55 2012

Hosting info: http://whois.domaintools.com/74.208.111.48