Author: Pig

Remote Host Port Number 173.245.60.21 80 63.135.80.224 80 63.135.80.46 80 64.62.181.43 80 72.21.91.19 80 212.7.214.129 2866 PASS xxx NICK NEW-[USA|00|P|77494] USER XP-8936 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|77494] -ix JOIN #!nine! test PONG 22 MOTD * The data identified by the following URLs was then requested from the remote web server: o http://www.refillntime.com/sweet.txt o http://browseusers.myspace.com/Browse/Browse.aspx oRead more...

Remote Host Port Number 199.15.234.7 80 83.233.33.6 80 212.7.214.129 1866 PASS ngrBot PRIVMSG #!hot! :[DNS]: Blocked 1310 domain(s) – Redirected 0 domain(s) NICK n{US|XPa}rzvcxsk USER rzvcxsk 0 0 :rzvcxsk JOIN #!hot! ngrBot PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “3” PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “2” PRIVMSG #!hot! :[HTTP]: Updated HTTPRead more...

Remote Host Port Number 119.59.99.239 1234 PASS priv9 199.15.234.7 80 NICK n{US|XP}fktrfon USER fktrfon 0 0 :fktrfon JOIN #ngr HELO hosting infos: http://whois.domaintools.com/119.59.99.239

Remote Host Port Number 199.15.234.7 80 66.45.56.124 80 69.71.57.93 80 70.38.98.238 80 60.190.223.150 5101 PASS hax0r PRIVMSG #p– :[d=”http://img104.herosh.com/2011/10/16/876345700.gif” s=”229376 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” – Download retries: 0 PRIVMSG #% :[Visit]: Visited “http://cpv.onlinelivesearch.com/cpv.jsp?p=113890&aid=10036145&partnerMin=0.00&ron=on&ronMin=0.00&url=&context=&default=http://cpvback.onlinelivesearch.com/ads.php” channel:#ngme ng00 hosting infos: http://whois.domaintools.com/60.190.223.150

looks like fubar and jam3s are developing this lame bot in private now the version 1.3 have diferent update and spreading commands the code here is given to bots in .txt file with list of commands to be executed from the bot u can download the exe file from links below link1: http://02a4bc0e.urlbeat.net link2: http://59b97c61.urlbeat.net

Remote Host Port Number 109.68.191.166 1234 PASS xxx 173.245.60.21 80 212.7.214.59 80 216.178.39.11 80 63.135.80.224 80 72.21.91.19 80 NICK NEW-[USA|00|P|72548] USER XP-8030 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|72548] -ix JOIN #!nw! test PONG 22 MOTD hosting infos: http://whois.domaintools.com/109.68.191.166

This package contains alot of irc bot samples,worms like fworm etc,email spreaders,rootkits and banking trojans have fun Download: http://c45d041d.urlbeat.net

Very big irc botnet now for rent and hosted in france Resolved : [a.xludakx.com] To [92.243.27.72] 92.243.27.72 5900 leaf nr4 92.243.17.156 5900 resolved [b.xludakx.com] to (92.242.140.48) resolved [c.xludakx.com] to (92.242.140.48) resolved [d.xludakx.com] to (92.242.140.48) Remote Host Port Number 199.15.234.7 80 92.243.26.81 80 PASS ngrBot 92.243.26.81 3212 92.243.20.57 80 leaf nr2 Resolved : [haso.dukatlgg.com] To [92.243.27.178]Read more...

Remote Host Port Number 139.91.102.101 9595 PASS weed JOIN #VN# junglist USERHOST [00|USA|XP|SP2]-3905 MODE [00|USA|XP|SP2]-3905 +x NICK [00|USA|XP|SP2]-3905 USER hcyv 0 0 :[00|USA|XP|SP2]-3905 PONG :2FEDAA4A hosting infos: http://whois.domaintools.com/139.91.102.101

Remote Host Port Number 64.32.28.18 6667 PONG irc.insom.org JOIN #vnc# rage PRIVMSG #vnc# : 14,1.:[ 15,1rAGEBoT 14,1]:. 15,1 range: 201 with 100 threads. (autorooting) 15,1 p2p spread started. 15,1 rarworm activated. hosting infos: http://whois.domaintools.com/64.32.28.18