Category: Uncategorized

genhagroup.com (Zeus banking malware hosted by United States Provo Unified Layer)

Uncategorized

Resolved genhagroup.com to 74.220.199.26 When this site first got posted I though it was hacked, but now that I’ve taken a closer look it’s actually a lame spreading attempt. Zeus Server: genhagroup.com Gate file:  /data/gate.php Config file:  /data/cf.bin The zeus binary was hosted at utmeg.com, as a “resume creator” The download page warns that itRead more...

208.98.52.179 (Multiple irc bots hosted by United States Independence Sharktech)

Uncategorized

Server:  208.98.52.179 Port:  6969 Channel:   #KaRmA##  #KaRmA##         24      [+smntu] Nick format:  [USA|XP|kikwxww] Channel:  #AryaN#  #AryaN#          6       [+smntu] Nick format:  AryaN{US-XP-x86}1352555 Channel:  #pBot#  #pBot#           8       [+smntMu] Nick format:  KaRmA{VN-XP-x86}0123624 Channel:  ##Nix## ##Nix##          4       [+smntMu] Nick format:  Linux||296703 Channel:  ##ngr ##ngr            6       [+smntu] Nick format:  {VN|XPa}sqgblol Weed motd * - With Great Power, Comes Great Responsibility. *Read more...

techmanagement.info (Aryan irc botnet hosted by vpzzo.com)

Uncategorized

Resolved techmanagement.info to 176.31.208.105 Server:  techmanagement.info Port:  6969 Channel:  #carb# Topic for #carb# is: no botkilling!Topic for #carb# set by Yoshi at Mon Dec 03 23:46:42 2012 Hmm same domain as a previously posted andromeda net Googling the ip also brings up insomnia.incorporatedhosting.info, a domain that has graced this blog before Hosting infos:  http://whois.domaintools.com/176.31.208.105

painadiction.biz (Andromeda http botnet hosted by Ukraine Ukrainian Internet Names Center Ltd)

Uncategorized

Resolved painadiction.biz to 91.231.85.228 I found this bot running as an update on a few of the barracuda http nets that I had already posted. I would imagine someone has found a vulnerability in the panel. Server:  painadiction.biz Gate file:  /moneymaker/image.php There are a few other domains with the same registration email (soyperlman@live.com) on theRead more...

genhagroup.com (Andromeda http botnet hosted by United States Provo Unified Layer)

Uncategorized

Resolved genhagroup.com to 74.220.199.26 This looks like it’s hosted on a hacked server Server:  genhagroup.com Gate file:  /andro/image.php Plugins Rootkit:   genhagroup.com/andro/r.pack Socks:  genhagroup.com/andro/s.pack Formgrabber:  genhagroup.com/andro/f.pack    Gate file:  genhagroup.com/andro/fg.php Hosting infos: http://whois.domaintools.com/74.220.199.26

i.greenleafyplants.info (Athena irc botnet hosted by Germany Frankfurt Am Main Voxility S.r.l.)

Uncategorized

Resolved i.greenleafyplants.info to 37.221.170.211 Server:   i.greenleafyplants.info Port:  15001 Server password:  69 Channel:  #A Channel password:  t Nick format:  _[USA|U|L|WIN7|x64|4c]alcaiwfs Oper: _ [_] (u@v.Host): … [_] @#A [_] irc.server.net :IRC server [_] is a Bot on IRC server [_] idle 01:22:14, signon: Sun Dec 02 05:45:11 [_] End of WHOIS list. His debug bot: n[USA|U|D|WIN7|x64|4c]xqftcbqiRead more...

w4hw5wg3488h.net (snk asper mod irc botnet hosted by Germany Karlsruhe 1&1 Internet Ag)

Uncategorized

Resolved w4hw5wg3488h.net to 213.165.89.117 Server:  w4hw5wg3488h.net Port:  5050 Channel:  #oh Topic for #oh is: .d /100/97/111/124/120/46/47/39/99/103/96/69/126/115/101/62/113/111/115/62/100/124/57/61/39/57/60/23/40/61/47/33/12/63/52/35/42/41/17/103/8/85/63/104/127/118/39/98/107/73/77/ Topic for #oh set by s at Sat Dec 01 18:36:05 2012 Oper:  s!x@x Talking with snk <Userbased> hey <s> sup <Userbased> cool ircd mod <s> yea <Userbased> I like the link encryption as well <Userbased> is this anRead more...

dinosaur.no-ip.org (Andromeda and barracuda http botnets hosted by Russian Federation Moscow Pallada Web Service Llc)

Uncategorized

Resolved dinosaur.no-ip.org to 37.0.123.119 I’ve been watching the barracuda for a while, and when I saw it load the andromeda I decided to post them both. Andromeda Server:   dinosaur.no-ip.org Gate file:   /andr/image.php  Plugins Rootkit:  dinosaur.no-ip.org/andr/r.pack Socks:  dinosaur.no-ip.org/andr/s.pack Formgrabber:  dinosaur.no-ip.org/andr/f.pack    Gate file:  dinosaur.no-ip.org/andr/fg.php Barracuda http Server:  dinosaur.no-ip.org Gate file:  dinosaur.no-ip.org/drgordon512/bot.php Here are someRead more...