Month: June 2010

fraser.sfu.ca:6667 ip:142.58.101.25 Channel: #pr0n (Password: r00t) Now talking in #pr0n Topic On: [ #pr0n ] [] Topic By: [ sHoVe ] Registry Changes by all processes Create or Open Changes HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows Taskmager” = taskmrg.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionpoliciesExplorerRun “Windows Taskmager” = taskmrg.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices “Windows Taskmager” = taskmrg.exe Reads HKEY_LOCAL_MACHINESOFTWAREMicrosoftCTFSystemShared “CUAS” HKEY_CURRENT_USERKeyboard LayoutToggle “Language Hotkey” HKEY_CURRENT_USERKeyboard LayoutToggle “LayoutRead more...

Remote Host Port Number 188.72.203.181 8888 ircd here 64.62.181.43 80 91.212.226.7 443 NICK {NEW}[2]5]6]6] USER 0556 “” “lol” :0556 JOIN ##bX1## PRIVMSG ##bX1## : 09File downloaded and executed. PONG :irc.BallistiX.org * The data identified by the following URL was then requested from the remote web server: o http://ballistix3.fileave.com/11229_83ddca90650ee2987c709282220538c0.exe Registry Modifications * The newly created RegistryRead more...

Remote Host Port Number 173.212.218.186 32211 193.105.207.31 80 193.105.207.32 80 221.230.2.208 80 91.188.59.197 80 93.174.92.220 80 58.59.85ae.static.theplanet.com 25 195.50.106.142 25 199.185.220.200 25 65.54.188.72 25 66.94.236.34 25 67.195.168.230 25 67.195.168.31 25 74.125.43.27 25 74.125.45.27 25 210.166.223.51 3305 ircd here pass secretpass 212.117.177.136 3954 212.117.185.40 21131 222.170.127.203 88 65.55.16.121 443 67.215.233.58 3491 NICK P|g7q3gjyde USER o4wzlowrn *Read more...

Connecting to laughing.at.your.ddos.like.looool.org (9890) and port 17000 Resolved : [laughing.at.your.ddos.like.looool.org] To [178.162.144.201] Server :Tiscali.Lover [Unreal3.2.7] Invisible Users: 2192 Operators:1 operator(s) online Channels: 23 channels formed Clients: I have 2197 clients and 0 servers Local users: Current Local Users: 2197 Max: 3217 Global users: Current Global Users: 2197 Max: 3217

Remote Host Port Number 201.40.117.44 6667 NICK n-123107 USER enuiknr 0 0 :n-123107 USERHOST n-123107 MODE n-123107 -x+B JOIN #teste NICK n-813308 USER natauv 0 0 :n-813308 USERHOST n-813308 MODE n-813308 -x+B Other details * The following ports were open in the system: Port Protocol Process 113 TCP rgysir.exe (%System%rgysir.exe) 1054 TCP rgysir.exe (%System%rgysir.exe) RegistryRead more...

Remote Host Port Number 62.193.249.122 3305 PASS secretpass NICK P|j6sobrsdi USER bho4k240z * 0 :USA|XP|822 USERHOST P|j6sobrsdi MODE P|j6sobrsdi JOIN #mm RSA Other details * The following ports were open in the system: Port Protocol Process 69 UDP unwise_.exe (%FontsDir%unwise_.exe) 1055 TCP unwise_.exe (%FontsDir%unwise_.exe) 1146 TCP unwise_.exe (%FontsDir%unwise_.exe) 1149 TCP unwise_.exe (%FontsDir%unwise_.exe) 1150 TCP unwise_.exeRead more...

Remote Host Port Number 204.0.5.41 80 204.0.5.42 80 204.0.5.48 80 204.0.5.50 80 204.0.5.51 80 204.0.5.57 80 216.178.38.103 80 216.178.38.168 80 63.135.86.23 80 63.135.86.39 80 216.246.77.59 1234 PASS xxx NICK NEW-[USA|00|P|92609] USER XP-5012 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|92609] -ix JOIN #jakarta test JOIN #USA PONG irc.priv8net.com * The data identified by the following URLs was thenRead more...

Remote Host Port Number 94.76.225.88 1234 NICK n[USA|XP]6843869 USER 7028 “” “lol” :7028 JOIN #!l! PONG :2.priv8net.com a litle update here: sto.leshatuki.com 201.140.27.83 C&C Server: 201.140.27.83:1234 Server Password: Username: 1046 Nickname: n[DEU|XP]2202206 Channel: #!l! (Password: ) Channeltopic: C&C Server: 201.140.27.83:1234 Server Password: Username: 0593 Nickname: [DEU|XP]9257441 Channel: #!l! (Password: ) Channeltopic: Registry Modifications * TheRead more...

Remote Host Port Number 64.32.13.143 6667 MODE {XPUSA550829} -ix JOIN #imagesnice PONG irc.priv8net.com Registry Modifications * The newly created Registry Values are: o [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] + Windows Services = “service.exe” so that service.exe runs every time Windows starts o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] + Windows Update = “%Temp%service.exe” so that service.exe runs every time Windows starts Memory Modifications *Read more...