Month: May 2009

# Outgoing Connections
  o IRC Data
    + User Name: mmmxi
    + Host Name: 0
    + Server Name:
    + Real Name: USA|27238
    + Nick Name: USA|27238
    + Non RFC Conform: 1
    # Channel
      * Name: #YiB
      * Topic Deleted: C:windowssystemsdffgds.exe 1
    # Private Message Deleted
      * Value: :NLD|56221!vacza@ PRIVMSG #YiB :[DOWNLOAD]: Downloaded 492.5 KB

Remote Host Port 3211
PASS serverpassword
NICK phqqwign
USER phqqwign * 0 :COMPUTERNAME

PASS none
NICK [USA|XP]-COMPUTERNAME-[rD2d3]
USER cr4ckr0x * 0 :[USA|XP]
MODE [USA|XP] -ix
JOIN #r00t md5r00t
MODE #r00t -ix

Interesting ports on shown: 1674 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp ProFTPD 1.3.1rc1
22/tcp open ssh OpenSSH 3.8.1p1 (FreeBSD 20040419; protocol 2.0)
80/tcp open http-proxy Squid webproxy 2.5.STABLE6
113/tcp open ident FreeBSD identd
3333/tcp open eggdrop Eggdrop irc bot console 1.6.19 (botname: NoRespect)
4321/tcp open

: [] To [] Host Port 8080
NICK UserName35
USER UserName35 “” “” :UserName

Interesting ports on ( shown: 1663 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd or WU-FTPD
22/tcp open tcpwrapped
25/tcp open smtp Postfix smtpd
53/tcp open domain
80/tcp open http-proxy Squid webproxy 2.5.STABLE6
113/tcp open auth?
1986/tcp open irc Unreal ircd
1988/tcp open irc Unreal ircd
3306/tcp open mysql MySQL 5.0.32-Debian_7etch10-log
6667/tcp open

[00|USA|603255]
Server Pass: letmein
chanel=bot pass open hwbicx
Username: umwttv
Server Pass: pwned
Joined Channel: #p00t with Password KillerZ2009

Resolved :[]To []
Resolved :[]To []
Resolved :[]To []

4244 #!n95! pass: 8gb vnc scaner bot)
Invisible Users: 356
[Operators: 8 operator(s) online
[Channels: 30 channels formed
[Clients: I have 372 clients and 1 servers
[Local users: Current Local Users: 372 Max: 482
[Global users: Current Global Users: 380 Max: 482

chanel=##kingz#
Now talking in ##kingz#
12[Topic On: [ ##kingz# ] [ .vncstop .xpl 45 0 65 -b 3 .p2p .rarworm ]
12[Topic By: [ Jet ]
12[Modes On:

systemerror-[Brut VNC]-by system VNC botnet

To mark the presence in the system, the following Mutex object was created:
systemerror-[Brut VNC]-by system

PASS system
NICK [00|USA|XP|SP2]-1913
USER wzlkay 0 0 :[00|USA|XP|SP2]-1913
USERHOST [00|USA|XP|SP2]-1913
MODE [00|USA|XP|SP2]-1913 +x
JOIN #zoio system
NOTICE [00|USA|XP|SP2]-1913 :.VERSION Ime A Fuck U Bot-And Ime Here To Fuck U Up.
PRIVMSG #zoio :.9-.1::.0[.12 System brute r0x.0 ].1::.9-. Status: Ready. Bot Uptime: 0d 0h 0m
PRIVMSG #zoio :.9-.1::.0[.12