Resolved imtheking.pig1.cc to 5.135.19.212
Server: imtheking.pig1.cc
Port: 8778
Server password: secret
Channel: #JEFE
Channel password: nogays
Channel topic: Topic for #JEFE is: ~up http://elvenking.net/fan/tabs/jsdu.exe 42224acfcb33d8bdbc9101957e3dc0bc ~s
Topic for #JEFE set by depredetor at Wed Aug 29 15:50:33 2012
Other channels are country codes: #US, #GB, #SE, etc.
Hosting infos: http://whois.domaintools.com/5.135.19.212
Sample Download
LilyJade again
Lilyjade is back and has moved up in the world. After Google Chrome prevented the installation of extensions from sources other than the official web store (due to the actions of malicious extensions such as Lilyjade), Lilyjade had a problem. Rather than explain the complicated steps needed to bypass the restriction, Lilyjade spreaders have bypassed the ...
kca.zapto.org (IRC bot hosted in United States State College Comcast Business Communications Llc)
mIRC XDCC bots
Resolved : [kca.zapto.org] To [173.167.76.199]
[ADMINCHAN]
channel=#KCA3
admin-enable=$true
[nick]
prenick=WarezDivx
[passwords]
owner=d9b820a195766546549a0e9a7fb8728d
admin=d9b820a195766546549a0e9a7fb8728d
filler=d9b820a195766546549a0e9a7fb8728d
[message]
header-enable=$true
footer-enable=$true
header=..::[ 1WaReZ R00tZ 2009 ]::..
footer=..::[ 1WaReZ R00tZ 2009 ]::..
[options]
needvoice=off
[xserver]
nspass=
status=on
sent=2310
packs=0
[xdcc]
reqmeth=msg
enable-queues=$true
enable-autoadd=$false
sends=10
queues=20
sends-user=1
queues-user=2
message=$true
time=30
[show]
queues=$true
slots=$true
record=$true
bandwidth=$true
total=$true
[channels]
1=#KCA3
...
bb.qc.to (IRC botnets hosted by France Roubaix Ovh Systems)
Resolved bb.qc.to to 37.59.35.104
Server: bb.qc.to
Port: 7356
Password: d0wn
* There are 1 users and 896 invisible on 1 servers
* 4 :unknown connection(s)
* 41 :channels formed
* I have 897 clients and 0 servers
* Current Local Users: 897 Max: 1356
* Current Global Users: 897 Max: 1356
Channel: #d0wn4l1f3
Pass: down ...
usagov.servequake.com (Ragebot and ngrbot hosted by United States State College Comcast Business Communications Llc)
Connecting to usagov.servequake.com (173.167.76.199)
Server: usagov.servequake.com
Port: 6667
Channel: ##fbi##
Topic for ##fbi## is: .xpl 90 1 189.x.x.x 3 1 201.x.x.x 3 1
Topic for ##fbi## set by Jorgee at Wed Aug 22 16:56:44 2012
Opers: st0n3d, DarkMisterio, Jorgee, KCA, Morad, Supreme, unutulan
Auth host: Jorgee (Jorgee@jorge.c)
Nick format: raGe|mtpxriDbDh
Channel: #s
Topic for #s is: ...
lilyjadev2.com (Malicious browser extension Hosted in the United States by Endicott H4y Technologies Llc)
After posting the latest browser extension malware, I decided to check up on the first one posted on the site, Lilyjade. While all of the reported hosts had been shut down, I located a new one, which claimed to host Lilyjade version 2. Here’s a look at the new version of the Lilyjade malware. The first change ...
Feedbuzz.info (Malicious browser extension Hosted in Canada by Sarah Ryan)
Resolved Feedbuzz.info to 184.107.233.186
The extension comes in both Firefox and Chrome flavors.
Initial loading comes from a fake YouTube page, http://video8244.uni.me
The page is loaded from a Dropbox account (/u/95827902/), and the extensions are loaded from epicrewards.net
Here is the Firefox extension source:
loadScript_you();
function loadScript_you() {
    if ('https:' == document.location.protocol) return false;
    var ...
17 RATs (Hosted by home connections)
I’ve been collecting and scanning all of the files that I see on Digital’s IRC, and I’ve found that most of them are RATs that people have sent to Digital for i4i. They’re not worth a blog post, so they tend to build up. Since Vaporizer (the other guy on the IRC, who is really ...
http://sonic4me.com/ (Andromeda HTTP malware hosted in Amsterdam worldstream.nl)
Location given by the anonymous friend at http://www.exposedbotnets.com/2012/06/malware-samples-and-irc-logs.html?showComment=1339497611124#c584928102134788577
login: http://sonic4me.com/login/
Panel: http://sonic4me.com/panel/index.php seems to be 404 now.
Sample
Sample link 1
Sample link 2
Hosting infos: http://whois.domaintools.com/217.23.10.217
128.204.202.152 (Insomnia bot hosted in United Kingdom dotvps.net)
Server: 128.204.202.152
Port: 6667
Channel: #Fanta
Password:
Nick: {RU|W7-32u}pugpidz
I have 100 clients and 0 servers
* Current Local Users: 100 Max: 683
* Current Global Users: 100 Max: 683
Channel  Users  Topic
#Fanta   101    [+sntu] d3FiQ3FNTzB3NnZEdWc9PXw2NjYxNzEzNA==
* Topic for #Fanta is: d3FiQ3FNTzB3NnZEdWc9PXw2NjYxNzEzNA==
* Topic for #Fanta set by White at Tue May 22 08:41:10 2012
* [fanta] (austintyle@fanta123): ...