Month: December 2011

uniquefraud.org(underground criminal lamers hosted in 2x4.ru)

Today I found this email in my spam folder:

from: admin@uniquefraud.org via sec5127.2x4.ru
to: my email
date: 30 December 2011 22:52
subject: News UniqueFraud
sent by: sec5127.2x4.ru

"Last chance 2011. Who would like to use it? Come by and make yourself an account. We look forward to it. Registration is

64mb malware samples

This is another package of malware samples collected during my free time. Inside you have a lot of banking trojan samples, ngrBot samples, mIRC bot samples, etc. Have fun exploring. Download

208.67.252.2(irc botnet hosted in United States Denver Rocketeermedia.com)

Remote Host     Port Number
208.67.252.2    2345

NICK New[USA|00|P|29713]
PRIVMSG #!loco! :[M]: Thread Disabled.
PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email.
USER XP-2551 * 0 :COMPUTERNAME
MODE New[USA|00|P|29713] -ix
JOIN #!loco!
PONG 22
MOTD

hosting infos: http://whois.domaintools.com/208.67.252.2

irc.amet12.cjb.net(irc botnet hosted in Peru Lima Telefonica Del Peru S.a.a)

Resolved : [irc.amet12.cjb.net] To [200.48.201.149]

200.48.201.149    4244

PASS google_cache2.tmp
NICK new[iRooT-XP-USA]861309
USER 8613 "" "TsGh" :8613
JOIN #!N!# WTF
PRIVMSG #!N!# :http://kajmak1.bloger.hr Has Been Visited!

exe file: Download
hosting infos: http://whois.domaintools.com/200.48.201.149

mw8.no-ip.info(irc botnet hosted in Netherlands Worldstream)

Resolved : [mw8.no-ip.info] To [217.23.4.65]

Remote Host     Port Number
217.23.4.65     6667

PASS google_cache2.tmp
NICK new[iRooT-XP-USA]392156
USER 4337 "" "TsGh" :4337
JOIN #Bawse
PONG :irc.priv8net.com

hosting infos: http://whois.domaintools.com/217.23.4.65
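As an added defender-side example (not code from the original post): a small Python scorer that reads client-to-server IRC lines like the captures above and flags the traits these sessions share, namely templated nicknames, non-standard ports, a server PASS, channel names padded with "!" and status reports posted to the channel. The sample sessions are the 208.67.252.2 and mw8.no-ip.info captures quoted on this page; the benign session and the two-reason threshold are my own assumptions.

```python
import re
from typing import List, Tuple

# Templated bot nicknames as in the captures on this page: a short prefix,
# a [..] or {..} block of pipe-separated tokens (country, OS, flags) and an
# optional random suffix, e.g. New[USA|00|P|29713] or n{US|XPa}tuoheyk.
BOT_NICK_RE = re.compile(r"^[A-Za-z]{1,3}[\[{][A-Za-z0-9|\-]+[\]}][A-Za-z0-9]*$")
# Status reports a bot posts to its channel: "[M]: Thread ...", "[DNS]: Blocked ..."
STATUS_RE = re.compile(r"^:\[[A-Za-z]+\]:")
STANDARD_IRC_PORTS = {6667, 6697}

def score_session(port: int, lines: List[str]) -> Tuple[bool, List[str]]:
    """Score one client-to-server IRC session. Returns (is_bot, reasons).
    Any single reason is weak (a person may use Bob[away] as a nick), so
    two or more are required before the session is flagged (assumed threshold)."""
    nick, password, channels, status_msgs = None, None, [], 0
    for line in lines:
        parts = line.strip().split(" ", 2)
        cmd = parts[0].upper()
        if cmd == "PASS" and len(parts) > 1:
            password = parts[1]
        elif cmd == "NICK" and len(parts) > 1:
            nick = parts[1]
        elif cmd == "JOIN" and len(parts) > 1:
            channels.append(parts[1])
        elif cmd == "PRIVMSG" and len(parts) > 2 and STATUS_RE.match(parts[2]):
            status_msgs += 1
    reasons = []
    if nick and BOT_NICK_RE.match(nick):
        reasons.append("templated bot nickname")
    if port not in STANDARD_IRC_PORTS:
        reasons.append("IRC on non-standard port")
    if password is not None:
        reasons.append("server password (PASS) sent")
    if any("!" in ch for ch in channels):
        reasons.append("obfuscated channel name")
    if status_msgs:
        reasons.append("bot status report in channel")
    return len(reasons) >= 2, reasons

# Sessions quoted on this page (208.67.252.2:2345 and mw8.no-ip.info:6667)
# plus a constructed benign session for comparison.
LOCO_CAPTURE = ["NICK New[USA|00|P|29713]", "PRIVMSG #!loco! :[M]: Thread Disabled.",
                "USER XP-2551 * 0 :COMPUTERNAME", "JOIN #!loco!", "PONG 22"]
MW8_CAPTURE = ["PASS google_cache2.tmp", "NICK new[iRooT-XP-USA]392156",
               'USER 4337 "" "TsGh" :4337', "JOIN #Bawse"]
BENIGN_CAPTURE = ["NICK alice", "USER alice 0 * :Alice", "JOIN #python",
                  "PRIVMSG #python :hello"]
```

Calling score_session(2345, LOCO_CAPTURE) yields four reasons, score_session(6667, MW8_CAPTURE) two (the nickname plus the PASS), and the benign session none.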

blackicejoker.no-ip.biz(VertexNet hosted in Seychelles Ideal Solution Ltd)

blackicejoker.no-ip.biz 193.107.17.47

Download URLs
http://193.107.17.47/VertexNet/tasks.php?uid={46774bc0-fe5b-11d5-9480-806d6172696f-1394498804} (blackicejoker.no-ip.biz)
http://193.107.17.47/VertexNet/adduser.php?uid={46774bc0-fe5b-11d5-9480-806d6172696f-1394498804}&lan=10.1.8.2&cmpname=DELL-D3E62F7E26%20[Administrator]&country=Deutsch%20(Deutschland)%20+49&cc=DE&idle=9376&ver=v1.2 (blackicejoker.no-ip.biz)

hosting infos: http://whois.domaintools.com/193.107.17.47

193.107.16.114(ngrBot hosted in Seychelles Ideal Solution Ltd)

Remote Host       Port Number
193.107.16.114    1863

PASS ngrBot

Remote Host       Port Number
199.15.234.7      80
65.110.60.20      80

NICK n{US|XPa}tuoheyk
USER tuoheyk 0 0 :tuoheyk
JOIN #rjr RjR
PRIVMSG #rjr :[DNS]: Blocked 0 domain(s) - Redirected 4 domain(s)

hosting infos: http://whois.domaintools.com/193.107.16.114

jayian.com(irc botnet hosted in United States Kenmore Sentris Network Llc)

Resolved : [jayian.com] To [76.191.112.53]

Remote Host       Port Number
76.191.112.53     1866

NICK n[USA|XP|COMPUTERNAME]qfilxzg
USER hh "" "lol" :hh
JOIN #!h!
PONG 422
Now talking in #!h!
Topic On: [ #!h! ] [ ]
Topic By: [ xx ]

UPDATE:

Remote Host       Port Number
199.15.234.7      80
69.163.148.162    80
76.191.112.53     2087

PASS carmex
PRIVMSG #!s! :[DNS]: Blocked

xxlaa.com(ngrBot hosted in Russian Federation Selectel Ltd)

My estimate of this botnet's size is approximately 30-50k.

Domains used to control bots:
xxlaa.com: active
Sabukenke.com: not active
Alufina.com: not active
xxlss.com: not active
xxlcc.com: not active

Resolved : [xxlaa.com] To [31.186.102.170]

C&C Server: 222.187.221.243:7777
PASS laekin0505x
Server Password:
Username: ynuvlog
Nickname: n{DE|XPa}ynuvlog
Channel: (Password: )
Channeltopic:

C&C Server: 31.186.102.170:7777
PASS laekin0505x
Server Password: