Author: Pig

all4corp.com (Zeus hosted with United States New York Bluemile Inc)

DNS Lookup
  Host Name        IP Address
  all4corp.com     76.10.214.62
  www.google.com   74.125.39.99

Opened listening TCP connection on port: 29790

Download URLs
  http://76.10.214.62/xed/config.bin (all4corp.com)
  http://74.125.39.99/webhp (www.google.com)
  http://76.10.214.62/xed/yourbot.exe (all4corp.com)
  http://76.10.214.62/xed/yourbot.exe (all4corp.com)
  http://76.10.214.62/xed/yourbot.exe (all4corp.com)

Data posted to URLs
  http://76.10.214.62/xed/gate.php (all4corp.com)

Outgoing connection to remote server: all4corp.com TCP port 80
Outgoing connection to remote server: www.google.com TCP port 80
Outgoing ...

get.whitesmoke.com (Trojan Downloader hosted with United States Sunnyvale Qwest Communications Company Llc)

DNS Lookup
  Host Name                                     IP Address
  get.whitesmoke.com                            63.236.35.30
  c0004553.cdn2.cloudfiles.rackspacecloud.com   87.248.217.253

Download URLs
  http://63.236.35.30/offerbox/OfferBoxSetup_FR.exe (get.whitesmoke.com)
  http://63.236.35.30/WriterTools/WhiteSmokeWriter.exe (get.whitesmoke.com)
  http://87.248.217.253/WhiteSmokeWriter.exe (c0004553.cdn2.cloudfiles.rackspacecloud.com)

Outgoing connection to remote server: get.whitesmoke.com TCP port 80
Outgoing connection to remote server: c0004553.cdn2.cloudfiles.rackspacecloud.com TCP port 80

DNS Lookup
  Host Name                 IP Address
  download.bandoo.com       207.232.22.25
  download.cdn.bandoo.com   212.201.100.171

Download URLs
  http://207.232.22.25/o/0/r/63/Fun4IMV6.exe (download.bandoo.com)
  http://212.201.100.171/cdn/o/0/r/63/Fun4IMV6.exe (download.cdn.bandoo.com)
  ...

205.234.223.186 (botnet hosted with United States Chicago Hostforweb Inc)

Remote Host       Port Number
  205.234.223.186   1234
  216.178.38.224    80
  216.178.39.11     80
  64.208.241.27     80
  69.63.189.39      80

IRC commands sent:
  PASS xxx
  NICK NEW-[USA|00|P|16686]
  USER XP-2777 * 0 :COMPUTERNAME
  MODE NEW-[USA|00|P|16686] -ix
  JOIN #!nn! test
  PONG 22
  MOTD

* The data identified by the following URLs was then requested from the remote web server:
  o http://browseusers.myspace.com/Browse/Browse.aspx
  o http://www.myspace.com/browse/people
  o http://www.myspace.com/help/browserunsupported
  o ...

unknown.hostforweb.net (botnet hosted with United States Chicago Hostforweb Inc)

Remote Host      Port Number
  216.178.38.224   80
  63.135.80.46     80
  96.17.164.187    80
  216.246.77.76    2345

IRC commands sent:
  PASS xxx
  NICK NEW-[USA|00|P|20068]
  USER XP-7334 * 0 :COMPUTERNAME
  MODE NEW-[USA|00|P|20068] -ix
  JOIN #!gf! test
  PONG 22
  MOTD

* The data identified by the following URLs was then requested from the remote web server:
  o http://browseusers.myspace.com/Browse/Browse.aspx
  o http://www.myspace.com/browse/people
  o http://www.myspace.com/help/browserunsupported
  o http://x.myspacecdn.com/modules/splash/static/img/cornersSheet.png
  o ...

213.155.29.56 (botnet hosted with hosting.ua)

Remote Host     Port Number
  213.155.29.56   6667

IRC commands sent:
  PASS (SelamS234)
  NICK {NEW}[USA][XP-SP2]981503
  USER 7657 "" "lol" :7657
  JOIN #1111

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Firewall = "%Temp%\lsass.exe"
    so that lsass.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Firewall = "%Temp%\lsass.exe"
    so that lsass.exe runs every time Windows ...

server2.net2streams.com (botnet hosted with United States Miami Fdcservers.net)

Remote Host      Port Number
  112.78.112.208   80
  218.85.133.201   80
  76.73.99.66      6682

IRC commands sent:
  PASS laorosr
  MODE #! -ix
  MODE #Ma -ix
  USER SP2-866 * 0 :COMPUTERNAME
  MODE [N00_USA_XP_6447899] @ -ix
  MODE #dpi -ix

Other details
* The following ports were open in the system:
  Port   Protocol   Process
  1052   TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)
  1054   TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)
  2058   TCP        cwdrive32.exe ...

host1.fltaxappealtoday.com (botnet hosted with United States Woodstock Fdcservers.net)

Remote Host      Port Number
  112.78.112.208   80
  218.85.133.201   80
  204.45.74.106    6682

IRC commands sent:
  PASS laorosr
  MODE #! -ix
  MODE #Ma -ix
  USER SP2-650 * 0 :COMPUTERNAME
  MODE [N00_USA_XP_3831042] @ -ix
  MODE #dpi -ix

Other details
* The following ports were open in the system:
  Port   Protocol   Process
  1054   TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)
  1056   TCP        cwdrive32.exe (%Windir%\cwdrive32.exe)
  1782   TCP        cwdrive32.exe ...

bleedmachine.dyndns.org (undernet hackers)

DNS Lookup
  Host Name                          IP Address
  bleedmachine.dyndns.org            82.113.145.98
  Lelystad.NL.EU.UnderNet.Org        195.47.220.2
  Helsinki.FI.EU.Undernet.Org        195.197.175.21
  mue-88-130-0-202.dsl.tropolys.de   88.130.0.202

Opened listening TCP connection on port: 113

C&C Server: 82.113.145.98:6667
  Server Password:
  Username: bleed
  Nickname: catd
  Channel: (Password: )
  Channeltopic:

Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667
Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667

C&C Server: 195.197.175.21:6667
  ...

server1.beetrootmusic.com (botnet hosted with United States Chicago Hostforweb Inc)

Remote Host      Port Number
  216.178.38.224   80
  216.178.39.11    80
  64.208.241.41    80
  66.225.241.182   2345

IRC commands sent:
  PASS xxx
  JOIN #!gf! test
  MODE NEW-[USA|00|P|39547] -ix
  PONG 22
  MOTD
  NICK NEW-[USA|00|P|39547]
  USER XP-2882 * 0 :COMPUTERNAME

* The data identified by the following URLs was then requested from the remote web server:
  o http://browseusers.myspace.com/Browse/Browse.aspx
  o http://www.myspace.com/browse/people
  o http://www.myspace.com/help/browserunsupported
  o http://x.myspacecdn.com/modules/splash/static/img/cornersSheet.png
  o ...