Author: Pig

pfy.mysite.org (botnet hosted with United States Albuquerque Bigbyte.cc)

Remote Host Port Number 207.114.175.51 6667 NICK COMPUTERNAME16180 USER COMPUTERNAME16180 0 0 COMPUTERNAME16180COMPUTERNAME16180 JOIN #newaiuwhd NICK COMPUTERNAME79226 USER COMPUTERNAME79226 0 0 COMPUTERNAME79226COMPUTERNAME79226 NICK COMPUTERNAME61492 USER COMPUTERNAME61492 0 0 COMPUTERNAME61492COMPUTERNAME61492 * The following ports were open in the system: Port Protocol Process 1054 TCP 8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe) 1056 TCP 8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe) 1057 TCP 8jg53l4ojo74khk.exe (%Windir%\8jg53l4ojo74khk.exe) Registry Modifications

xvm-168-229.ghst.net (Ogard, VirUs same lamer big botnet hosted with United Kingdom Gandi Uk Dedicated Hosting Servers)

Remote Host Port Number 217.70.188.30 3211 92.243.28.194 3211 95.142.163.184 3211 95.142.168.229 3211 USER VirUs “” “lol” :9813 NICK [USA][XP-SP2]315437 USER VirUs “” “lol” :7634 NICK [USA][XP-SP2]900959 USER VirUs “” “lol” :4049 NICK [USA][XP-SP2]032172 NICK [USA][XP-SP2]456089 USER VirUs “” “lol” :1467 NICK [USA][XP-SP2]687424 USER VirUs “” “lol” :6389 NICK [USA][XP-SP2]442067 USER VirUs “” “lol” :7908 NICK

xo39du910.t35.com (spammer trojan hosted with United States Fair Lawn T)

DNS Lookup Host Name IP Address xo39du910.t35.com 69.10.48.106 Data posted to URLs http://69.10.48.106/1/post.php (xo39du910.t35.com) Outgoing connection to remote server: xo39du910.t35.com TCP port 80 Registry Changes by all processes Create or Open Changes Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS” HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey” HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File” HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable Thread Input Manager” HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session

ip-97-74-114-46.ip.secureserver.net (malware hosted with United States Scottsdale Godaddy.com Inc)

DNS Lookup Host Name IP Address 97.74.114.46 97.74.114.46 Download URLs http://97.74.114.46/css/style.gif (97.74.114.46) Outgoing connection to remote server: 97.74.114.46 TCP port 80 Registry Changes by all processes Create or Open Changes Reads HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes “MS Shell Dlg 2” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\SystemShared “CUAS” HKEY_CURRENT_USER\Keyboard Layout\Toggle “Language Hotkey” HKEY_CURRENT_USER\Keyboard Layout\Toggle “Layout Hotkey” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF “EnableAnchorContext” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IMM “Ime File” HKEY_CURRENT_USER\Software\Microsoft\CTF “Disable

wewqeq.idcbr.net (botnet hosted with United States Atlanta Global Net Access Llc)

Remote Host Port Number 207.210.96.152 6567 PASS s1m0n3t4 MODE [SI|USA|00|P|83827] -ix JOIN #carro# c1rc0dus0leil PONG Apple.Network NICK [SI|USA|00|P|83827] USER XP-2586 * 0 :COMPUTERNAME * The following port was open in the system: Port Protocol Process 1053 TCP conmysys.exe (%Windir%\conmysys.exe) Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] + Service ares = “conmysys.exe”

x1x4x0.net (SnK the russian hecker hosted with United States Chicago Hostforweb Inc)

– DNS Queries: Name Query Type Query Result Successful Protocol x1x4x0.net DNS_TYPE_A 216.246.124.50 YES udp winhostmanager.net DNS_TYPE_A 127.0.0.1 YES udp winupdatecontrol.net DNS_TYPE_A 216.246.124.50 YES udp Remote Host Port Number 216.246.124.50 5500 NICK |US|INF|12|6|55|737| USER 55768 |US|.com 216.246.124.50 :55768 |US| PONG :422 JOIN #win# PONG :leaf1.not.found Now talking in #win# Topic On: [ #win# ] [

cdnews2010.com (malware hosted with Brazil Comite Gestor Da Internet No Brasil)

DNS Lookup Host Name IP Address cdnews2010.com 187.17.98.13 Download URLs http://187.17.98.13/cpic1.jpg (cdnews2010.com) http://187.17.98.13/cpic2.jpg (cdnews2010.com) http://187.17.98.13/cpic3.jpg (cdnews2010.com) http://187.17.98.13/cpic4.jpg (cdnews2010.com) Outgoing connection to remote server: cdnews2010.com TCP port 80 Outgoing connection to remote server: cdnews2010.com TCP port 80 Outgoing connection to remote server: cdnews2010.com TCP port 80 Outgoing connection to remote server: cdnews2010.com TCP port 80 Registry

rockets.dynalias.com (botnet hosted with Thailand Bangkok Truehisp)

DNS Lookup Host Name IP Address rockets.dynalias.com 210.213.57.189 Lelystad.NL.EU.UnderNet.Org 195.47.220.2 mue-88-130-45-099.dsl.tropolys.de 88.130.45.99 Helsinki.FI.EU.Undernet.Org 195.197.175.21 Opened listening TCP connection on port: 113 C&C Server: 210.213.57.189:6667 Server Password: Username: love Nickname: :tigerk Channel: #spam (Password: ) Channeltopic: Outgoing connection to remote server: Lelystad.NL.EU.UnderNet.Org TCP port 6667 C&C Server: 195.197.175.21:6667 Server Password: Username: bad Nickname: fuckeru Channel: (Password:

durrhurrhurr.no-ip.info (RAT hosted on his own home lol United States Alexandria Cox Communications)

DNS Lookup Host Name IP Address durrhurrhurr.no-ip.info 98.169.249.22 Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083 Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083 Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 3083 Outgoing connection to remote server: durrhurrhurr.no-ip.info TCP port 308 Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “AudioService.exe”

yourfree.servebeer.com (botnet hosted with Russian Federation Iqhost Ltd)

DNS Lookup Host Name IP Address yourfree.servebeer.com 193.106.173.129 www.ip2location.com 70.86.96.219 Download URLs http://70.86.96.219/ (www.ip2location.com) http://70.86.96.219/ (www.ip2location.com) http://70.86.96.219/ (www.ip2location.com) C&C Server: 193.106.173.129:1338 Server Password: Username: DIX Nickname: [New|XP|x86|DE|3283] Channel: #AdminsLOL# (Password: ) Channeltopic: Outgoing connection to remote server: www.ip2location.com TCP port 80 Outgoing connection to remote server: www.ip2location.com TCP port 80 Outgoing connection to remote server: