cureid.pw (POP3 brute-forcing botnet hosted by firstvds.ru)

Uncategorized

Resolved cureid.pw to 62.109.17.111
Server: cureid.pw
Gate file: /cmd.php

The Fort Disco brute-forcing malware has been upgraded and is now brute-forcing POP3 accounts. The URL list it brute-forces is now a list of domains paired with their MX servers:

motorisationplus.com:mx00.1and1.fr
instagift.com:aspmx.l.google.com
paddypartners.it:cluster2a.eu.messagelabs.com
nunofi.sk:mail3.itstudio.cz
realasianbabes.com:oxmail.registrar-servers.com
kvalitetskatalog.se:kvalitetskatalog.se
caissedesdepots.fr:mail1.caissedesdepots.fr
siat.ac.cn:mx.cstnet.cn

A list is mirrored here; you can see more...

milfsdeasing.com (Paradise DDoS bot hosted by zevshost.net)

Uncategorized

Resolved milfsdeasing.com to 192.102.6.130
Server: milfsdeasing.com
Gate file: /par/bfg.php

The bot is currently attacking a few websites related to stock and financial regulation.

POST /par/bfg.php HTTP/1.1
Host: milfsdeasing.com
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

status=get

HTTP/1.1 200 OK
Date: Thu, 12 Sep 2013 00:25:55 GMT
Server: Apache/2.2.16 (Debian)
X-Powered-By: PHP/5.3.3-7+squeeze14
Vary: Accept-Encoding
Content-Length: ...

cureit.pw (WordPress brute-forcing botnet hosted by firstvds.ru)

Uncategorized

Resolved cureit.pw to 62.109.17.111

This is the same malware as this previous post. Correct gate request:

GET /cmd.php HTTP/1.0
Host: cureit.pw.
Keep-Alive: 300
Connection: keep-alive
User-Agent: Mozilla/4.0 (compatible; Synapse)

HTTP/1.1 200 OK
Date: Wed, 11 Sep 2013 19:17:35 GMT
Server: Apache/2.2.24 (FreeBSD) PHP/5.4.15 mod_ssl/2.2.24 OpenSSL/1.0.1e
X-Powered-By: PHP/5.4.15
Cache-Control: max-age=1
Expires: Wed, 11 Sep 2013 19:17:36 ...
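The two gate requests captured above (the Paradise POST to /par/bfg.php with User-Agent PARADISE, and the Fort Disco GET to /cmd.php) are easy to hunt for in HTTP proxy logs. The script below is an added example, not code from this blog or from either bot: it runs a small classifier over constructed log lines in an assumed "timestamp client method url "user-agent"" format, using the hosts and gate paths from the posts as its indicator table. Two caveats a detection engineer would want are built in: "Mozilla/4.0 (compatible; Synapse)" is the default User-Agent of the Synapse Pascal networking library and is sent by legitimate Synapse-built software too, so it is only rated high when paired with a known gate; and the captured Fort Disco request carries "Host: cureit.pw." with a trailing dot, so hostnames are normalized before lookup.

```python
"""Flag Fort Disco and Paradise C2 check-ins in HTTP proxy logs.

Added example; not the blog's or the bots' code.  The log format and the
client IPs are constructed for this demo; the hosts and paths are the
indicators captured in the posts above.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# (host, path) of the gate scripts captured in the posts, mapped to family.
# These domains are long dead: treat the table as an example indicator list.
KNOWN_GATES = {
    ("cureit.pw", "/cmd.php"): "Fort Disco",
    ("cureid.pw", "/cmd.php"): "Fort Disco",
    ("milfsdeasing.com", "/par/bfg.php"): "Paradise",
}

# Paradise hard-codes its own name as the User-Agent, which is distinctive on
# its own.  Fort Disco sends the Synapse library's default User-Agent, which
# benign Synapse-built software sends too, so it only scores high together
# with a known gate.
PARADISE_UA = "PARADISE"
SYNAPSE_UA = "Mozilla/4.0 (compatible; Synapse)"

# Assumed log format: <timestamp> <client_ip> <method> <url> "<user-agent>"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)"$'
)

# Constructed sample lines for this example (not a real capture).
SAMPLE_LOG = """\
2013-09-12T00:25:55Z 10.0.0.21 POST http://milfsdeasing.com/par/bfg.php "PARADISE"
2013-09-11T19:17:35Z 10.0.0.34 GET http://cureit.pw./cmd.php "Mozilla/4.0 (compatible; Synapse)"
2013-09-11T19:18:02Z 10.0.0.34 GET http://cureid.pw/cmd.php "Mozilla/4.0 (compatible; Synapse)"
2013-09-11T19:20:00Z 10.0.0.50 GET http://intranet.example/cmd.php "Mozilla/4.0 (compatible; Synapse)"
2013-09-11T19:21:00Z 10.0.0.60 GET http://www.example.com/index.html "Mozilla/5.0 (Windows NT 6.1)"
2013-09-11T19:22:00Z 10.0.0.70 POST http://milfsdeasing.com/par/bfg.php "Mozilla/5.0"
"""


@dataclass
class Hit:
    line_no: int
    client: str
    family: str
    confidence: str
    reason: str


def norm_host(host: str) -> str:
    """Lower-case and drop a trailing dot: the captured Fort Disco request
    carries "Host: cureit.pw." and a plain string lookup would miss it."""
    return host.lower().rstrip(".")


def classify(method: str, url: str, ua: str):
    """Return (family, confidence, reason) for one request, or None."""
    parts = urlsplit(url)
    host, path = norm_host(parts.hostname or ""), parts.path
    family = KNOWN_GATES.get((host, path))
    if ua == PARADISE_UA:
        return ("Paradise", "high", "User-Agent is PARADISE")
    if family is not None:
        if family == "Fort Disco" and ua == SYNAPSE_UA:
            return (family, "high", f"known gate {host}{path} with Synapse UA")
        return (family, "medium", f"known gate {host}{path}")
    if ua == SYNAPSE_UA and method == "GET" and path == "/cmd.php":
        # Library-default UA plus the gate filename: worth a look, not an alert.
        return ("Fort Disco?", "low", "Synapse default UA fetching /cmd.php")
    return None


def scan(log_text: str) -> list:
    """Run classify() over every parseable log line and collect the hits."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LINE_RE.match(line)
        if m is None:
            continue  # not our format; a real pipeline would count these
        verdict = classify(m["method"], m["url"], m["ua"])
        if verdict is not None:
            hits.append(Hit(line_no, m["client"], *verdict))
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no} {h.client}: {h.family} [{h.confidence}] {h.reason}")
```

On the sample above the fourth line (Synapse UA fetching /cmd.php on an unrelated host) comes back as a low-confidence lead rather than a detection, and the last line (a known Paradise gate hit without the PARADISE User-Agent) is rated medium: either the bot was updated or something else is talking to the gate, and both are worth a second look.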

lpa4u.in (Betabot HTTP botnet hosted by worldstream.nl)

Uncategorized

Resolved lpa4u.in to 217.23.4.120
Server: lpa4u.in
Gate file: /radioserver/order.php

Downloaded by this Andromeda sample. The domain was only registered yesterday.

Hosting info: http://whois.domaintools.com/217.23.4.120

Related MD5s (search on malwr.com to download samples):
Betabot: 4046fd4e5ddfc40548c2316d6cd289f4