So if you have been following my posts on this blog, you may have noticed a large number of posts about the “betabot” malware. Betabot is an HTTP bot which is sold on hackforums.net. Despite a number of complaints about serious stability issues, it has become popular with some of the more dedicated script kiddy
img152200.servepics.com (Smoke loader hosted by kimsufi.com)
Resolved img152200.servepics.com to 94.23.213.78
Server: img152200.servepics.com
Gate file: /x3/index.php
This is h4r3’s smoke, he has his andromeda hosted on the same server.
Hosting infos: http://whois.domaintools.com/94.23.213.78
bid.consulting-info.eu (Click fraud botnet hosted by quadranet.com)
Resolved bid.consulting-info.eu to s1.fclick.org (cname)
Resolved s1.fclick.org to 96.44.149.187
Server: bid.consulting-info.eu
Gate file: /feed/xml.php?uid=219
More click fraud courtesy of French hecker h4r3. This time it looks a bit more sophisticated though. I’m assuming this is an affiliate program as, while it’s using h4r3’s domain, it points to another site. If you search for
honey.punked.us (Andromeda http botnet hosted by kimsufi.com)
Resolved honey.punked.us to 94.23.213.78
Server: honey.punked.us
Gate file: /sex/image.php
Plugins
Rootkit: http://doncarlosmayorista.com/.sec/r.pack
Socks: http://doncarlosmayorista.com/.sec/s.pack
Formgrabber: http://doncarlosmayorista.com/.sec/f.pack
Gate file: honey.punked.us/sex/fg.php
This is the new andromeda of the French hecker h4r3. Now he’s using cracked andromeda with free domains.
Hosting infos: http://whois.domaintools.com/94.23.213.78
zxz.consulting-info.eu (Multiple http botnets hosted by France Roubaix Ovh Sas)
Resolved zxz.consulting-info.eu to 5.39.71.80
This is the French hecker known as h4r3 who has been posted before.
Andromeda
This is the same andromeda net that was posted before, just with the rest of the domains.
Previous/disabled domains: vvv.exp1oit.in xxx.be-shopping.net
Current domain: zxz.consulting-info.eu
Gate file: /service/image.php
Plugins:
Rootkit: tbontepaard.nl/gllr/r.pack
Socks: tbontepaard.nl/gllr/s.pack
kbot
Server: zxz.consulting-info.eu
Gate
vvv.exp1oit.in (Andromeda http hosted by France Roubaix Ovh Sas)
Resolved vvv.exp1oit.in to 178.33.241.61
This is the new andromeda of the French guy. It is the full version with all of the plugins.
Server: vvv.exp1oit.in
Gate file: /google/image.php
Plugins:
Formgrabber: beautyoftheworld.ca/xs/f.pack
Gate file: /google/fg.php
Socks: beautyoftheworld.ca/xs/s.pack
Rootkit: beautyoftheworld.ca/xs/r.pack
Downloads files from hxxp://jamboproducciones.com/xs/ and hxxp://ez-cs.net/dk/
He also has a new smoke loader up
Server: smk.cheatgame.org
Gate
cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)
Posting some French heckers’ stuff
Andromeda loader
Server: cheatmodernwarfare.com
Gate file: /xbox/image.php
Rootkit plugin: hxxp://magnatesmobileapps.com/sym/r.pack
Socks plugin: hxxp://magnatesmobileapps.com/sym/s.pack
Backup domains: down4life.hopto.org explosiontaracesavatoutdechirer.chickenkiller.com fckd330.mooo.com
kbot
Server: h4r3.hopto.org redirects to: kb.itprosolutions.org
Gate file: /joomla/gate.php
Server: purenet.hopto.org redirects to: 91.234.105.14
Gate file: /kb/gate.php
Server: smk.cheatgame.org
Gate file: /kb/gate.php
Smoke loader (currently down)
Server: smk.cheatmodernwarfare.com
Gate file: /s2/control.php
Hostbooter
bb.qc.to (IRC botnets hosted by France Roubaix Ovh Systems)
Resolved bb.qc.to to 37.59.35.104
Server: bb.qc.to
Port: 7356
Password: d0wn
* There are 1 users and 896 invisible on 1 servers
* 4 :unknown connection(s)
* 41 :channels formed
* I have 897 clients and 0 servers
* Current Local Users: 897 Max: 1356
* Current Global Users: 897 Max: 1356
Channel: #d0wn4l1f3
Pass: down