haveityourway.pw (Betabot HTTP botnet hosted by Alibabahost.com)

Resolved haveityourway.pw to 103.31.187.77
Server: haveityourway.pw
Gate file: /members/order.php
Alternate domains (currently not registered):
thebestway42.pw
itsoktohaveityourway.com
losmejoresburgers1.com
The first domain was only registered yesterday.
Hosting info: http://whois.domaintools.com/103.31.187.77
Related MD5s (search on Malwr.com to download samples)
Betabot: 3b0907c7bf881f8f5f9fa2190384d3dd

sentryme.com (Betabot HTTP botnet hosted by ecatel.net)

Resolved sentryme.com to 94.102.51.123
Server: Sentryme.com
Gate file: /order.php
Alternate domain: stayattentive.com
Bitcoin mining info:
-a sha256 -o stratum+tcp://162.243.6.88:3333 -u Ghettoweed.R -p x -g no -t 4
-a sha256 -o stratum+tcp://162.243.6.88:3333 -u Ghettoweed.R -p x -t 0 -I 10
The username string in the binary is the sky daddy_v1$, which corresponds to this Hackforums account.

adobe-helper.cloudapp.net (Andromeda HTTP botnet hosted by microsoft.com)

Resolved adobe-helper.cloudapp.net to 168.63.166.85
Server: adobe-helper.cloudapp.net
Gate file: /updates/gate.php
It downloads a bitcoin miner and begins mining using this proxy, also hosted on the Windows cloud: hxxp://updating-flash6.cloudapp.net
Bonus Andromeda 2.7 panel here: hxxp://adobe-helper.cloudapp.net/panel.zip
Hosting info: http://whois.domaintools.com/168.63.166.85
Related MD5s (search on Malwr.com to download samples)
Andromeda: 2fd21454a5c17fcfffef9f900dec1434

dreiansc.ws (Ice 9 banking malware hosted by vps.ua)

Resolved dreiansc.ws to 31.131.28.121
Server: dreiansc.ws
Gate file: /adm/gate.php
Config file: /config/index.php
The owner forgot to remove the panel installation file: hxxp://dreiansc.ws/adm/install/index.php
Hosting info: http://whois.domaintools.com/31.131.28.121
Related MD5s (search on Malwr.com to download samples)
Ice9: edb77957d11c9add8d8bcc615ba3d392

Betabot botnets linked to hackforums users

So if you have been following my posts on this blog, you may have noticed a large number of posts about the “betabot” malware. Betabot is an HTTP bot which is sold on hackforums.net. Despite a number of complaints about serious stability issues, it has become popular with some of the more dedicated script kiddy...