Month: January 2011

46.4.253.146 (botnet hosted in Germany Dolorem Ipsum)


Remote Host       Port Number
46.4.253.146      5337
72.233.89.199     80
91.198.22.70      80

IRC traffic:
NICK {iNF-00-USA-XP-COMP-2586}
PONG irc.NaDe.gov
USER blaze * 0 :COMP
JOIN #go anal
NICK {00-USA-XP-COMP-2179}

infos about hosting: http://whois.domaintools.com/46.4.253.146

95.154.237.228 (botnet hosted in United Kingdom London Idealhosting Managed Servers)


Remote Host       Port Number
74.125.227.14     80
74.125.227.18     80
74.125.45.95      80
75.126.182.187    80
95.154.237.217    80
95.154.237.228    6667

IRC traffic:
PASS timu
MODE USA|94511 -x+i
JOIN #1 timu
USERHOST USA|94511
PRIVMSG #debug# :- shell – File opened: http://www.google.com.tr/url?sa=t&source=web&cd=138&ved=0CDEQFjAHOIIB&url=http%3A%2F%2Fwww.sexvakti.net%2Findex.php&rct=j&q=sex&ei=kYfKTIOCEoPP4AaV7tGlAQ&usg=AFQjCNHhxjnrUoycbGAQF_KuQWXRUAgZzg&cad=rja
PRIVMSG #1 :- psniff – No Carnivore thread found.
NICK USA|94511
USER ckobptz 0 0 :USA|94511

infos about hosting: http://whois.domaintools.com/95.154.237.228

around 18 MB of exe files


Here you have another malware package, around 18 MB; most of them are banking trojans. Have fun. Download: http://502ccd73.tinylinks.co

us2.holdbaby.com (banking trojan hosted in United States Dallas Theplanet.com Internet Services Inc)


Resolved : [us2.holdbaby.com] To [174.121.110.122]

Remote Host       Port Number
174.121.110.122   8800
208.82.236.129    80
208.82.238.129    80
67.212.77.13      80

Registry Modifications
* The newly created Registry Values are:
  o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    + Taskman = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1191\wdfewi.exe"
      so that wdfewi.exe runs every time Windows starts
  o [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    + Bfwe = "C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1191\wdfewi.exe"
      so that wdfewi.exe runs every time Windows starts

a.bestplay2010.com (botnet hosted in Russian Federation Vline Ltd)


a.bestplay2010.com DNS_TYPE_A
IPs: 109.196.142.66, 109.196.142.58
port: 5901 (109.196.142.66:5901)
PASS eee

Data sent:
4b43 494b 2063 796d 7271 666a 6f0d 0a72   KCIK cymrqfjo..r
7373 7220 6d67 7670 6f79 6f79 2022 2220   ssr mgvpoyoy ""
2265 736d 2220 3a6d 6776 706f 796f 790d   "esm" :mgvpoyoy.
0a                                        .

Data received:
3a49 5243 2149 5243 4068 7562 2e75 732e   :IRC!IRC@hub.us.

p34s3.hmarhelo.com (bfbot hosted in Canada London Affilinet Corporation)


DNS Queries: p34s3.hmarhelo.com
Resolved : [p34s3.hmarhelo.com] To [209.90.137.221]
Resolved : [p34s3.hmarhelo.com] To [209.90.137.222]
Resolved : [p34s3.hmarhelo.com] To [209.90.137.224]
Resolved : [p34s3.hmarhelo.com] To [209.90.137.223]
port: 1199

Anubis scan: http://anubis.iseclab.org/?action=result&task_id=16e217e8f63db0d846dcdfb341c870529&format=html
infos about hosting: http://whois.domaintools.com/209.90.137.223

irc.liquid-security.net (botnet hosted in France Ovh Sas)


Remote Host       Port Number
87.98.179.1       25
87.98.179.1       6667

IRC traffic:
NICK [UserName|821|United-States]
NICK username1
PONG :4CA947ED
PRIVMSG #barbiesrule :kh12795@gmail.com
USER Win32-Liquid Victim #821 * :http://liquid-security.net
JOIN #barbiesrule 3l173
PRIVMSG #barbiesrule :[Screenshot] Screen capture sent to kh12795@gmail.com.
PRIVMSG #barbiesrule :[Login] I'm already owned by Shockwave!
NICK [UserName|7114|United-States]
PRIVMSG #barbiesrule :[Login] I'm at your service, Shockwave.
Now talking in

56youku.3322.org (Trojan-Banker.Win32.Banker hosted in China Guangdong Chinanet Guangdong Province Network)


56youku.3322.org DNS_TYPE_A 183.7.66.173
TCP Connection Attempts: 183.7.66.173:8000

Suspicious Actions Detected:
- Copies self to other locations
- Creates and executes scripts
- Creates files in windows system directory
- Creates system services or drivers

exe file: http://ct.ftpvpn.info:3355/yuhaimin/windsca.exe
anubis scan: http://anubis.iseclab.org/?action=result&task_id=1ef1923bf055827246da05311ccd4a263&format=html
info about hosting: http://whois.domaintools.com/183.7.66.173