Month: April 2009


Interesting ports on 1631 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.0
22/tcp open ssh OpenSSH 4.3p2 (protocol 2.0)
69/tcp filtered tftp
111/tcp filtered rpcbind
135/tcp filtered msrpc
137/tcp filtered netbios-ns
138/tcp filtered netbios-dgm
139/tcp filtered netbios-ssn
194/tcp filtered irc
445/tcp filtered microsoft-ds
529/tcp filtered irc-serv
593/tcp filtered http-rpc-epmap
800/tcp filtered mdbs_daemon
994/tcp filtered ircs
1025/tcp filtered NFS-or-IIS
1026/tcp filtered

(6667)
channel #Owned topic=Zero is a homo
Channels: 4 channels formed
Local users: Current Local Users: 20 Max: 201
Global users: Current Global Users: 20 Max: 84

new net


Outgoing Connections
Transport Protocol: TCP
Remote Address: Port: 6667
Connection Established: 0
Socket: 44

Is protected with Themida in order to prevent the sample from being reverse-engineered. Themida protection can potentially be used by a threat to complicate the manual threat analysis (e.g. the sample would not run under the Virtual Machine). A network-aware worm that uses known

Botnet server


Outgoing Connections
o Transport Protocol: TCP
o Remote Address: Remote Port: 6697
o Connection Established: 0
o Socket: 1656


* Outgoing Connections
o Transport Protocol: TCP
o Remote Address: Remote Port: 1986
o Connection Established: 0
o Socket: 1668

DNS_TYPE_A DNS_TYPE_A
Nick: [00|USA|166110]
Username: XP-9269
Joined Channel: #!mh! with Password r0x
Channel Topic for Channel #!mh!: “D “
Channel Topic for Channel #!mh!: “P “
Private Message to Channel #!mh!: “msn// Thread Activated: Sending Message.”
Private Message to

(4244)– DNS
Nick: [00|USA|884551]
Username: XP-9872
Server Pass: letmein
Joined Channel: ##dR## with Password bole

Small network

[00|USA|241365]
Username: XP-9968
/j #!mh! r0x
Channel Topic “P”
#!mh!: “msn// Thread Activated: Sending Message.”
#!mh!: “msn// Thread Disabled.”
[00|USA|241365]: “.login version -s”
[00|USA|241365]: “.r.getfile c:rtz.exe 1 -s”