213.229.107.27 (botnet hosted in United Kingdom, Canonical Range For Bs2-hp1-le)

Remote Host       Port Number
213.229.107.27    2345          PASS xxx
213.229.107.27    1234          PASS xxx
216.178.38.224    80
216.178.39.11     80
64.208.241.41     80

MODE NEW-[USA|00|P|31622] -ix
JOIN #!gf! test
PONG 22 MOTD
NICK NEW-[USA|00|P|31622]
USER XP-0160 * 0 :COMPUTERNAME

UPDATE:
NICK NEW-[USA|00|P|94381]
USER XP-5513 * 0 :COMPUTERNAME
MODE NEW-[USA|00|P|94381] -ix
JOIN #!nn! test
PONG 22 MOTD

Note:
The sample has the capability to manipulate a user list control in instant messenger (IM) programs such as AOL, Yahoo! Messenger and Skype. An affected user's contact list could be used by an IM worm to replicate over the IM network.

exe file:
http://7e439ab3.goneviral.com

virustotal scan:
http://www.virustotal.com/file-scan/report.html?id=55ac345854753b4680007adad3ae2a853642e99b43dd71ad4d2e4aa621fff907-1302434018

hosting info:
http://whois.domaintools.com/213.229.107.27
