Month: October 2010

Remote Host Port Number r0x.botsgod.info 4949 Resolved : [r0x.botsgod.info] To [92.243.28.194] Resolved : [r0x.botsgod.info] To [217.70.188.30] Resolved : [r0x.botsgod.info] To [95.142.163.184] PASS VrX NICK [USA][XP-SP2]644230 USER VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY1854 JOIN #r0x# VrX NICK {NOVA}[USA][XP-SP2]733340 USER VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY8868 NICK [USA][XP-SP2]350911 USER VirUs “” “lol” :My_Name_iS_PIG_and_Iam_A_GaY0505 * To mark the presence in the system,Read more...

Remote Host Port Number 184.73.209.168 80 204.0.5.41 80 204.0.5.42 80 204.0.5.48 80 204.0.5.51 80 204.0.5.58 80 204.0.5.59 80 208.43.117.134 80 216.178.38.168 80 63.135.80.58 80 202.157.176.20 1234 PASS xxx JOIN #!nn! test MODE NEW-[USA|00|P|50950] -ix PONG 22 MOTD PONG get.lost NICK NEW-[USA|00|P|50950] USER XP-8403 * 0 :COMPUTERNAME Now talking in #!nn! Topic On: [ #!nn! ]Read more...

Remote Host Port Number 184.73.209.168 80 204.0.5.41 80 204.0.5.42 80 204.0.5.48 80 204.0.5.51 80 204.0.5.57 80 204.0.5.58 80 204.0.5.59 80 208.71.125.131 80 216.178.38.168 80 66.225.241.182 2345 PASS xxx NICK NEW-[USA|00|P|78655] USER XP-9188 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|78655] -ix JOIN #!gf! test PONG 22 MOTD Now talking in #!gf! Topic On: [ #!gf! ] [ .m.s|.m.eRead more...

Resolved : [login.ipwhois.co.uk] To [195.3.145.182] NICK {XPUSA528985} USER COMPUTERNAME * 0 :COMPUTERNAME * To mark the presence in the system, the following Mutex object was created: o adsaxf * The following port was open in the system: Port Protocol Process 1034 TCP servicese.exe (%Temp%servicese.exe) * The following Host Name was requested from a host database:Read more...

Remote Host Port Number 112.78.112.208 80 195.2.252.21 80 204.45.118.250 80 204.45.121.50 80 218.85.133.201 80 123.0.41.218 3128 24.63.206.135 3128 62.103.174.192 3128 82.38.141.57 3128 204.45.85.218 57221 PASS laorosr 209.90.137.223 1199 USER SP2-743 * 0 :COMPUTERNAME MODE #! -ix MODE #Ma -ix MODE [N00_USA_XP_7728388] @ -ix MODE #dpi -ix 00000000 | 5041 5353 206C 616F 726F 7372 0D0ARead more...

formosa.notengodominio.com 184.106.215.31 C&C Server: 184.106.215.31:6667 Server Password: Username: DELL-D3E62F7E26 Nickname: {XPDEU494207} Channel: ##fuds9## (Password: ) Channeltopic: C&C Server: 184.106.215.31:6667 Server Password: Username: DELL-D3E62F7E26 Nickname: {XPDEU485738} Channel: ##fuds9## (Password: ) Channeltopic: Registry Changes by all processes Create or Open Changes HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Windows Update” = C:DOKUME~1ADMINI~1LOKALE~1Tempservice.exe HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun “Windows Services” = service.exe HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun “Windows Update” = C:DOKUME~1ADMINI~1LOKALE~1Tempservice.exe ReadsRead more...

Remote Host Port Number ate.lacoctelera.net 1034 Other details * To mark the presence in the system, the following Mutex objects were created: o Micro Upe o oleacc-msaa-loaded o _!SHMSFTHISTORY!_ * The following Host Names were requested from a host database: o astro.ic.ac.uk o ale.pakibili.com o versatek.com o journalofaccountancy.com o transnationale.org o mas.0730ip.com o bejsis.com oRead more...

kuwait.arabgroup.org 204.188.240.50 Opened listening TCP connection on port: 113 C&C Server: 204.188.240.50:3232 Server Password: Username: xxzag Nickname: DEU|XP|SP3|00|40038 Channel: #drhackers1# (Password: ) Channeltopic: :.advscan asn445 100 9 0 -r -b

Remote Host Port Number 46.4.229.246 51987 USER rA rA rA rA NICK [rA|USA|XP|26962] JOIN #Scope# nokey PRIVMSG #Scope# : 4New bot for Scope PING :IRC.Secret.GoV Other details * The following port was open in the system: Port Protocol Process 1054 TCP lsass.exe (%AppData%lsass.exe) Registry Modifications * The newly created Registry Value is: o [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun] +Read more...

Resolved : [ogard.shannen.cc] To [95.142.163.184] Resolved : [ogard.shannen.cc] To [92.243.28.194] * The following Host Names were requested from a host database: o ogard.shannen.cc o Ogard.helldark.biz o ogard.ircdevils.net PASS Virus NICK VirUs-vxbscaka USER VirUs “” “xdm” : .8,1..8Coded .4By .8VirUs.. Registry Modifications * The following Registry Key was created: o HKEY_LOCAL_MACHINESOFTWAREMicrosoftActive SetupInstalled Components{67KLN5J0-4OPM-00WE-AAX5-74CC2A322142} * The newlyRead more...