188.116.52.163(linux botnet hosted in Poland Www.hitme.net.pl)

var $config = array(“server”=>”188.116.52.163”, “port”=>”31336”, “pass”=>”haslo”, “prefix”=>”php”, “maxrand”=>”3”, “chan”=>”#php”, “chan2″=>”#php”, “key”=>””, “modes”=>”+ps”, “password”=>”haslo”, “trigger”=>”.”, “hostauth”=>”x” infos about hosting: http://whois.domaintools.com/188.116.52.163

178.128.20.63(irc botnet hosted in Greece Athens Adsl Llu Pools)

Remote Host Port Number 178.128.20.63 7000 NICK USA|36783 USER fwpsjp 0 0 :USA|36783 NICK USA|11944 USER feoyav 0 0 :USA|11944 PONG :57792AC7 JOIN #rz# rZr NICK USA|08856 USER gbsyyn 0 0 :USA|08856 PONG :11A5539E NICK USA|67223 USER wzdqva 0 0 :USA|67223 PONG :95FA734D NICK USA|43011 USER jaqbt 0 0 :USA|43011 PONG :A3F477DC NICK USA|16716 USER

updatewin.milicija.org(irc botnet hosted in United States Chicago Hostforweb Inc)

Remote Host Port Number 205.234.222.78 1866 NICK n[USA|XP|COMPUTERNAME]xpxylcy USER hh “” “lol” :hh JOIN #!g! PONG 422 * Now talking in #!g! * Topic is ‘im. /99/106/112/81/55/59/40/107/104/125/126/36/102/125/116/102/116/103/115/126/39/116/100/75/12/113/114/123/109/114/106/85/108/106/106/69/46/101/104/65/127/98/108/105/103/101/107/103/98/103/99/55/84/78/123/39/125/70/44/79/71/90/110/51/42/49/44/20/36/61/31/46/108/121/109/ ‘ * Set by ex on Thu Apr 21 11:56:06 * IceStorm (IceStorm@fatalz.edu) Quit (Connection reset by fatalz) infos about hosting: http://whois.domaintools.com/205.234.222.78

sERveR-7.rUPoRno.Tv(Trojan droper hosted in Czech Republic Upl Telecom)

– DNS Queries: sERveR-7.rUPoRno.Tv DNS_TYPE_A 78.108.178.135 YES TCP Traffic: 78.108.178.135:444 State: Normal establishment and termination – Transferred outbound Bytes: 137 – Transferred inbound Bytes: 52 exe file: http://f15ad783.goneviral.com infos about hosting: http://whois.domaintools.com/78.108.178.135

irc.chimon.us(irc botnet hosted in Netherlands Amsterdam Denkers Ict – Ipv4 Infrastructure)

Remote Host Port Number 46.21.169.42 6567 PASS s1m0n3t4 70.38.98.238 80 MODE [SI|USA|00|P|96374] -ix JOIN #update# c1rc0dusoleil PRIVMSG #update# :[Dl]: File download: 92.0KB to: C:DOCUME~1UserNameLOCALS~1Temperaseme_15573.exe @ 92.0KB/sec. QUIT [Update]: Updating to new bin. NICK [SI|USA|00|P|32275] USER XP-5843 * 0 :COMPUTERNAME MODE [SI|USA|00|P|32275] -ix JOIN #sax# c1rc0dusoleil NICK [SI|USA|00|P|96374] USER XP-3818 * 0 :COMPUTERNAME exe file: http://80dfeb1f.miniurls.co

91.215.159.137(irc botnet hosted in Netherlands Amsterdam Infinite Technologies Internet Solutions Limited)

Remote Host Port Number 213.251.170.52 80 64.62.181.43 80 66.63.184.226 80 74.125.227.0 80 74.125.227.12 80 74.125.227.26 80 74.125.227.28 80 74.125.227.3 80 74.125.227.8 80 74.125.47.132 80 75.102.22.40 1866 PASS ngrBot 91.215.159.137 1866 PASS ngrBot PRIVMSG #!hot! :[MSN]: Updated MSN spread interval to “2” PRIVMSG #!hot! :[Visit]: Visited “http://www.ehsan.org.sa/abr/” PRIVMSG #!hot! :[d=”http://64.62.181.43/krstkrst/zaba.exe” s=”81920 bytes”] Executed file “C:Documents and