supercarsinfo.net(malware hosted in Russian Federation Antarktida-plus Llc)

By Pig, April 3, 2011
Uncategorized

supercarsinfo.net Download URLs http://0.0.0.0/l_distrib/knock_test_start.php?ver=1.25&sid=2900468492924 (0.0.0.0) http://0.0.0.0/l_distrib/knock_test_start.php?type=2&step=1&err=&reg_ver=1%2E25&ver=1%2E25&sid=2900468492924 (0.0.0.0) Outgoing connection to remote server: 0.0.0.0 TCP port 80 Outgoing connection to remote server: 0.0.0.0 TCP port 80DNS Lookup Host Name IP Address drivers-z2012.com 91.220.62.53 free-pac.net 91.220.62.53 r-golos.ru 91.220.62.53 vn-66.ru 91.220.62.53 Download URLs http://91.220.62.53/distrib_serv/ip_list.php (drivers-z2012.com) http://91.220.62.53/distrib_serv/ip_list.php (drivers-z2012.com) http://91.220.62.53/distrib_serv/ip_list.php (drivers-z2012.com) Outgoing connection to remote server: drivers-z2012.com TCP port 80Read more...

sexy.myftp.biz(german hecker using rat Germany Oldenburg Kabel-deutschland-customer-services)

By Pig, April 3, 2011
Uncategorized

sexy.myftp.biz 91.66.24.39 œ Outgoing connection to remote server: sexy.myftp.biz port 81 Outgoing connection to remote server: sexy.myftp.biz port 81 Outgoing connection to remote server: sexy.myftp.biz TCP port 81 Outgoing connection to remote server: sexy.myftp.biz port 81 exe file: http://www.multiupload.com/0WATGPO3D1 infos about hecker: http://whois.domaintools.com/91.66.24.39

ngr.whoisip.org.uk(botnet hosted in Latvia Workstone Corporation)

By Pig, April 3, 2011
Uncategorized

Remote Host Port Number 194.247.48.58 47221 PASS ngrBot or PASS letmein 213.251.170.52 80 64.120.161.214 80 NICK n{US|XPa}kngcdtw USER kngcdtw 0 0 :kngcdtw JOIN #ngr ngrBot PRIVMSG #ngr :[MSN]: Updated MSN spread interval to “8” PRIVMSG #ngr :[MSN]: Updated MSN spread message to “http://rapidshare.com/files/455562571/Picture5437.JPG-.com” PRIVMSG #ngr :[d=”http://websoftwarecentral.in/install.48208.exe” s=”79872 bytes”] Executed file “C:Documents and SettingsUserNameApplication Data1.tmp” –Read more...

sharedfud.dyndns-work.com(rat user from Peru Lima Tdperx3-lacnic)

By Pig, April 1, 2011
Uncategorized

el peruviano hecker here sharedfud.dyndns-work.com 200.106.35.109 sountracker.dyndns-mail.com 200.106.35.109 Outgoing connection to remote server: sharedfud.dyndns-work.com TCP port 3461 Outgoing connection to remote server: sharedfud.dyndns-work.com TCP port 3460 Outgoing connection to remote server: sharedfud.dyndns-work.com TCP port 3460 Outgoing connection to remote server: sharedfud.dyndns-work.com TCP port 3461 Outgoing connection to remote server: sharedfud.dyndns-work.com TCP port 3461 Outgoing connectionRead more...

173.242.123.150(botnet hosted in United States Clarks Summit Volumedrive)

By Pig, April 1, 2011
Uncategorized

Remote Host Port Number 173.242.123.150 2235 PASS wiggernet Current Local Users: 160 Max: 630 Current Global Users: 160 Max: 483 MODE LNO|746499630 -ix JOIN #likenoneother# boss USERHOST LNO|746499630 PONG :MrWiiWii.IRC.NET NICK LNO|746499630 USER wlnmyriwl 0 0 :LNO|746499630 infos about hosting: http://whois.domaintools.com/173.242.123.150

dl.sd.keniu.com(trojan downloader hosted in China Jinan China Unicom Shandong Province Network)

By Pig, April 1, 2011
Uncategorized

dl.sd.keniu.com dl.sd.keniu.com 123.235.32.185 stat.sd.keniu.com stat.sd.keniu.com 219.232.254.35 Outgoing connection to remote server: dl.sd.keniu.com TCP port 80 Outgoing connection to remote server: 123.235.32.247 TCP port 80 Outgoing connection to remote server: 218.29.42.138 TCP port 80 Outgoing connection to remote server: stat.sd.keniu.com TCP port 80 exe file http://www.multiupload.com/SGDN1Z6H3Q virustotal scan http://www.virustotal.com/file-scan/report.html?id=22ccc8633a1c0b255aa07459b5343b4ab24c07e3e0fe15a7f1b23e8dd86b43cf-1301688919 infos about hosting: http://whois.domaintools.com/219.232.254.35 http://whois.domaintools.com/123.235.32.247