vvv.exp1oit.in (Andromeda http hosted by France Roubaix Ovh Sas)

Resolved vvv.exp1oit.in to 178.33.241.61 This is the new andromeda of the french guy. It is the full version with all of the plugins. Server: vvv.exp1oit.in Gate file:  /google/image.php Plugins: Formgrabber: beautyoftheworld.ca/xs/f.pack Gate file: /google/fg.php Socks: beautyoftheworld.ca/xs/s.pack Rootkit: beautyoftheworld.ca/xs/r.pack Downloads files from hxxp://jamboproducciones.com/xs/ and hxxp://ez-cs.net/dk/ He also has a new smoke loader up Server: smk.cheatgame.org Gate

ultimatecore.info (Andromeda http bot hosted by Ukraine Ukrainian Internet Names Center Ltd)

Resolved ultimatecore.info to 91.231.84.114  New andromeda from this guy. Server: ultimatecore.info Gate file: /mario/root.php This is the full version of andromeda, with all of the plugins. Plugins: Formgrabber plugin: ultimatecore.info/test/f.pack Gate file: /mario/fg.php Socks plugin: ultimatecore.info/test/s.pack Rootkit plugin: ultimatecore.info/test/r.pack Hosting infos: http://whois.domaintools.com/91.231.84.114 Edit: Plugins are now at ultimatecore.info/samuelkaptioalpha1/ I think you can guess what each

paradoxunirc.no-ip.biz (Barracuda irc bot hosted by Turkey Istanbul Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti.)

Resolved paradoxunirc.no-ip.biz to 176.53.119.14 Server: paradoxunirc.no-ip.biz Port:  4667 Channel: #yoloswag Owner: Paradoxun This is the latest irc of the barracuda .net irc bot. After trolling around for a bit, it’s time for this one to be posted. The Authost on the bot only checks for the nick, so just wait for Paradoxun to leave, /nick

boris and hf hecker

boris a guy who idle into our irc channel irc.trolled.tv #security had a conversation with a botnet owner we had alot of fun reading now is your turn lol <boris> If you want to keep this ircd to yourself, I suggest you listen very carefully. <boris> firstly, a whois will not give you my real

supervids.net (Lilyjade script hiding behind/proxied by cloudflare)

I was looking at some of the files being installed from a recent posting, when I found something interesting. It looks like someone else is trying out lilyjade. The extensions are held in a self extracting archive and installed via a batch file. @echo off //Kill Proccess TASKKILL /F /IM firefox.exe TASKKILL /F /IM chrome.exe

204.188.227.106(dbot hosted in United States Missoula Sharktech)

IRC Server: 204.188.227.106:6667 Server Pass: m3ga2012Nick: L2-[hfqUsername: tdviyflbb Joined Channel: #ghostChannel Topic for Channel #ghost: “.scan 75 1 189.x.x.x 2 1 189.x.x.x”Private Message to Channel #ghost: “Scanning: 189.x.x.x, 75 threads. Using CFTP.” Hosting Infos: http://whois.domaintools.com/204.188.227.106

cheatmodernwarfare.com (Multiple http bots hosted by Romania Torben Diehr)

Posting some french heckers stuff Andromeda loader Server: cheatmodernwarfare.com Gate file: /xbox/image.php Rootkit plugin:  hxxp://magnatesmobileapps.com/sym/r.pack Socks plugin:  hxxp://magnatesmobileapps.com/sym/s.pack Backup domains: down4life.hopto.org explosiontaracesavatoutdechirer.chickenkiller.com fckd330.mooo.com kbot Server: h4r3.hopto.org redirects to: kb.itprosolutions.org Gate file: /joomla/gate.php Server: purenet.hopto.org Redirects to: 91.234.105.14 Gate file:  /kb/gate.php Server: smk.cheatgame.org Gate file:  /kb/gate.php Smoke loader (Currently down) Server: smk.cheatmodernwarfare.com Gate file: /s2/control.php Hostbooter