This is the second belgian hoster found hosting malwares that’s not good lol
Again another great contribution from our anonymous friend wich i called malware because it uses infected machines to do what he does
the bitcoin miner is downloaded from here gwassnet.co.cc/NoTouch.exe
it connects to svchost2.exe -o http://eu.triplemining.com:8344 -u trap258_gwas -p himom 111 0
UPDATE:
looks like this is Yoshi the hecker from hf lol
svchost64.exe -t 6 -o http://eu.triplemining.com:8344 -u Yoshi_Yoshi1 -p yoshi123
hosting infos:
http://whois.domaintools.com/91.198.211.27
IT – Operations
address: ICT Ventures BVBA/SPRL
address: Dewandelaerstraat 12
address: 1930 Zaventem
address: Belgium
phone: +32 2 123 45 67
fax-no: +32 2 123 45 67
Anonymous - April 28, 2012 at 11:58 pm
Pretty sure that's a legit mining pool pig. I went on their irc channel and they were more than willing to remove the botnet user login. The bitcoin software just connects to the mining pool, it doesn't have a panel.
They should probably check for botnet users, ie users with many different ips rather than waiting for reports though.
Jack - May 5, 2012 at 5:35 pm
I sent a report about this net , They forwarded the report to my ISP , My ISP thought it was them sending the report to them and sent a letter out to me with the report attached.
Anonymous - May 5, 2012 at 7:11 pm
http://cbteam.ws/
Pig - May 5, 2012 at 7:42 pm
nice i got files will post later if there is something funny inside