Remote Host: 188.72.196.163, Port Number: 4244
PASS google_cache2.tmp
NICK new[iRooT-XP-USA]572986
USER 5729 "" "TsGh" :5729
JOIN #!N!# WTF
PRIVMSG #!N!# :http://tips2x1.bloger.hr Has Been Visited!
Now talking in #!N!#
Topic On: [ #!N!# ] [ .visit http://tips2x1.bloger.hr ]
Topic By: [ NhG ]
hosting infos: http://whois.domaintools.com/188.72.196.163
46.166.140.132 (ngrBot hosted in United States Amsterdam Santrex Internet Services Ltd)
Remote Host: 199.15.234.7, Port Number: 80
Remote Host: 46.166.140.132, Port Number: 6667
Clients: I have 112 clients and 0 servers
Local users: Current Local Users: 112 Max: 251
Global users: Current Global Users: 112 Max: 251
PONG :D5E8DE88
JOIN #|Bots|#
PONG :Vater.irc.mit.edu
NICK n{US|XP-32a}jxeicyv
USER jxeicyv 0 * :jxeicyv
Now talking in #|Bots|#
Joins: {HU|W7-64u}txhnliy [txhnliy@rox-7506984E.prtelecom.hu]
Modes On: [
big4eva.no-ip.biz (ngrBot hosted in Russian Federation Mir Telematiki Ltd)
Remote Host: 46.17.98.235, Port Number: 6667
Clients: I have 73 clients and 0 servers
Local users: Current Local Users: 73 Max: 106
Global users: Current Global Users: 73 Max: 106
NICK SB|USA|XP|XHVDhcSI
USER SB|USA|XP|XHVDhcSI big4eva.no-ip.biz SB|USA|XP|XHVDhcSI :SB|USA|XP|XHVDhcSI
JOIN #irc
NICK SB|USA|XP|vxwfnfOz
USER SB|USA|XP|vxwfnfOz big4eva.no-ip.biz SB|USA|XP|vxwfnfOz :SB|USA|XP|vxwfnfOz
Now talking in ##xcn
Modes On: [ ##xcn ]
173.248.187.166 (IRC botnet hosted in United States Franklin Mddhosting Llc)
Remote Host: 173.248.187.166, Port Number: 1866
The data identified by the following URLs was then requested from the remote web server:
http://dl.dropbox.com/u/55297842/visitweb.exe
NICK n[USA|XP|COMPUTERNAME]kvrizpu
USER hh "" "lol" :hh
JOIN #!g!
PONG 422
Now talking in #!g!
Topic On: [ #!g! ] [ .load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/22/45/45/35/61/47/45/56/47/117/104/83/104/119/126/71/120/46/102/126/105/ ]
Topic By: [ evoL1x ]
hosting infos: http://whois.domaintools.com/173.248.187.166
120 MB malware samples
This package contains a lot of IRC bots like ngrBot, Insomnia and banking trojans like Zeus, SpyEye, but the best part of it are the files named FuckUPiggw.exe, FuckUPig.exe from one of my fans lol
217.160.253.201 (IRC botnet hosted in Germany 1&1 Internet Ag)
Remote Host: 217.160.253.201, Port Number: 2345
NICK New[USA|00|P|78527]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-2736 * 0 :COMPUTERNAME
MODE New[USA|00|P|78527] -ix
JOIN #!loco!
PONG 22
MOTD
Now talking in #!loco!
Topic On: [ #!loco! ] [ .m.s|.m.e foto haaaha http://goo.gl/SgJrv?= ]
Topic By: [ wd69 ]
216.18.232.151 (3vbot hosted in United States Allhostshop.com)
Remote Host: 199.15.234.7, Port Number: 80
Remote Host: 216.18.232.151, Port Number: 6667
NICK New{US-XP-x86}5635115
USER 5635115 "" "5635115" :5635115
MODE New{US-XP-x86}5635115 +iMm
JOIN #|3vbot|#
PONG :irc.priv8net.com
micolosoft.in (Trojan-Ransom.Winlock hosted in United States Scranton Network Operations Center Inc)
Traffic – by DNS:
micolosoft.in 184.22.188.84
poletaem002.in 199.168.139.53
mekrosoft.in 184.22.188.84
Traffic – by TCP/IP Connections:
184.22.188.84 80
199.168.139.53 80
Traffic – by URL:
micolosoft.in/zip/gate.php?user=partner_011&uid={B31F86E0-234C-11E1-BBF6-806D6172696F}&os=2
poletaem002.in/image/gate.php?getcmd=1&uid=XANNY
Here it asks for a user and password; have fun finding them. This is what you get if you are infected with:
hosting infos: http://whois.domaintools.com/184.22.188.84
n39rfiuewh9uihc.org (Bredolab hosted in Russian Federation St. Petersburg Petersburg Internet Network Ltd)
Registry Change
The following Registry Keys were changed:
Changed [NTUSER/Software/Microsoft/Internet Explorer/Main/Default Feeds]
Changed [NTUSER/Software/Microsoft/Internet Explorer/PhishingFilter]
Changed [NTUSER/Software/Microsoft/Internet Explorer/Recovery]
Traffic – by DNS:
n39rfiuewh9uihc.org 146.185.242.131
Traffic – by TCP/IP Connections:
146.185.242.131 80
Traffic – by URL:
n39rfiuewh9uihc.org/G0X7Z3vtzdpVPR4sBFa95jxTSQYAD82f.tiff
n39rfiuewh9uihc.org/tBKNvbQpVYCDRSGmck4nxAaWhX.bmp
xandora results here: http://www.xandora.net/xangui/malware/view/692cfa2313899607124752a9f8d88b6d
hosting infos: http://whois.domaintools.com/146.185.242.131
freetop.mobi (Umbra Loader hosted in United States Fredericksburg Singlehop Inc)
Umbra Loader Panel: http://www.freetop.mobi/en/panel/Panel/
Vertexnet Loader Panel: http://mymobilewap.info/utube/bot/
Traffic – by DNS:
mymobilewap.info 69.175.127.82
www.freetop.mobi 69.175.127.82
Traffic – by TCP/IP Connections:
69.175.127.82 80
Traffic – by URL:
mymobilewap.info/utube/stel.exe
mymobilewap.info/utube/server.exe
www.freetop.mobi/en/panel/Panel/bot.php
You can find more executables here: mymobilewap.info/utube/
Analysis results: http://www.xandora.net/xangui/malware/view/b455957506ffa7202211e7c74ecdd7bb
hosting infos: http://whois.domaintools.com/69.175.127.82