frizzcams.com (Betabot http botnet hosted by Balticservers.com)

By I_Post_Ur_Info, May 11, 2014
Uncategorized

Resolved frizzcams.com to 5.199.165.239 Server:  frizzcams.com Gate file:  /beta/order.php Alternate domains: fapncam.com proxypool.info update-silo.com This has the same C&C domains as this betabot, just in a different order. It’s involved with spreading a youtube views boosting bot. Domain info: frizzcams.com Domain Name: FRIZZCAMS.COM Registrar: MONIKER ONLINE SERVICES LLC Registrant [4327848]: Moniker Privacy Services FRIZZCAMS.COM@monikerprivacy.net MonikerRead more...

b.mypaintdressk13.com (Betabot http botnet hosted by sprintdatacenter.pl)

By I_Post_Ur_Info, May 9, 2014
Uncategorized

Resolved b.mypaintdressk13.com to 188.68.255.207 Server:  b.mypaintdressk13.com Gate file:  /direct/mail/order.php Alternate domains: b.dietmydartk5.com b.pixartzonek4.comb.stop2teasemek3.comb.thegamejuststarted10k12.comb.thegamejuststarted11k7.comb.thegamejuststarted12k11.comb.thegamejuststarted13k8.comb.thegamejuststarted14k9.comb.thegamejuststarted15k10.comb.uandmearevideos1k1.comb.uandmearevideos2k2.com Hosting info: http://whois.domaintools.com/188.68.255.207 Related md5s (Download samples from Malwr.com) Betabot: 9085ab7965bc67c6a8a6f2c83a22fb49

static.onlineapplicationsdownloads.com(Trojan downloader spreading via Facebook hosted in United States Ashburn Amazon.com Inc. )

By Pig, April 16, 2014
Uncategorized

Our friend aLiSs found this file via facebook. These links are spreading on facebook. hxxp://goo.gl/TUqGzM hxxp://goo.gl/PVUW3S hxxp://goo.gl/uJvgqv When u click u go to the page and then u are asked to install FlvPlayer  if u click install u are downloading FlvPlayerSetup.exe wich download and installs FlvPlayerSilent0.exe. These are domains used by this shit os.greatonlineapplications.com static.onlineapplicationsdownloads.comRead more...

informed.su(Paypal Phishing Page)

By Pig, March 2, 2014
Uncategorized

I was looking into spam area in my gmail account and i saw this mesage: Update Personal Information Dear Valued Customer,      It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud onRead more...

ddos.do-dear.com(Linux bots hosted in China Tianjin China Unicom Tianjin Province Network)

By Pig, February 14, 2014
Uncategorized

dns: ddos.do-dear.com nick: addr: ddos.do-dear.com ip: 125.39.22.154 Longip: 2099713690 ## my @nickname = ("mIRc-KinG"); ## my $nick =$nickname[rand scalar @nickname];   my $nick =$rircname[rand scalar @rircname];   $server = 'ddos.do-dear.com' unless $server; my $port = '6668';   my $linas_max='8'; my $sleep='5';   my $homedir = "var/tmp"; my $version = ' 1,11D 11,1DoS Bot Powerd ByRead more...

ircd.freenetwork.com.ar (Linux botnet hosted in Korea, Republic Of Seoul Korea Internet Data Center)

By Pig, February 10, 2014
Uncategorized

Botnet found by X.  ircd.freenetwork.com.ar nick: addr: ircd.freenetwork.com.ar ip: 222.231.10.81 Longip: 3739683409 Server:  ircd.freenetwork.com.ar:6667 Channels: #org,#rpl,#root,#viar   Now 15 talking in #org Topic On : [ #org ] [ Don’t flood fuck || Register your nick… !!! [ SCAN ON ] || if you want to donate server,,please pm admin.. ] Hosting infos: http://whois.domaintools.com/222.231.10.81

seosaw.pw (betabot http botnet hosted by plusserver.de)

By I_Post_Ur_Info, January 29, 2014
Uncategorized

Resolved seosaw.pw to 188.138.125.103 Server:  seosaw.pw Gate file:  /wq782jwoqkQy19qkdh27hqudqj/order.php Alternate domains: microsoftgo.pw updateom.info seosaw.info googlerw.info Downloads what looks like Sefnit from hxxp://now.googlefast.pw/remote/index.php?u=48&istan Hosting info: http://whois.domaintools.com/188.138.125.103 Related md5s (Download sample from Malwr.com Betabot: daee8c5056fbbf1964588e70cb371fae Sefnit: b99ed8704716ab6ff273e3dc66fe3cfb