Resolved to
Server:
Ports: 1337,4667 (bots connect on 4667)
Channel: #xxploasion
Channel password: Rebels2012
Channel: #hflove
Channel password: inspiron
Connects using the no-ip
Channel: #gavin0hanson
Channel password: hanson911

Channel          Users   Topic
#xxploasion      4       [+sntu]
#hflove          45      [+s]
#gavin0hanson    53      [+sntu]

This irc server is similar to in that is it

(smoke loader http bot hosted by Poland Artnet Spolka Z Ograniczona Odpowiedzialnoscia)

This is the http loader for the gold installs ppi program.
Resolved to
Server:
Gate file: /gamenew/index.php
Downloads files from
minsabdedf.exe bitcoin miner pool info:
ginamdasm.exe
The file botnet owners are given installs smoke from hxxp://
Install statistics are then recorded by
Using the format
activation.php?productid=(userid)&serial=(long string)
Hosting infos:

(ngrbot irc botnet hosted by 1&1 Internet Ag)

Note: New domains are at the bottom of the post.
This is the skype “worm” that is in the news right now.
Articles:
Resolved to,,,,,,
Server:
Port: 1863
Password: 24r34t
SSL is needed to connect, accept the invalid certificate
Authhost: bossman

(Irc botnets hosted by Canada Montreal Ovh Hosting Inc.)

Resolved to
Server:
Port: 6969
Channel: #karmie#
Channel password: 1234
Nick: [USA|XP|gjetth]
Topic for #karmie# is: @dl 1 hxxp://
Topic for #karmie# set by God at Sun Oct 07 13:42:09 2012
Opers:
[Boss] (Anxiety@HaZe.GoV): Anxiety
[Boss] ~#karmie#
[Boss] irc.HaZe.GoV :HaZeNet
[Boss] idle 12:09:34, signon: Mon Oct 08 00:16:30
[Boss] End of WHOIS

(Ganja ircbot hosted by United States St. Louis Hosting Solutions International Inc)

Resolved to
Server:
Port: 6697
* Current Local Users: 34  Max: 40
* Current Global Users: 34  Max: 40
Channel: #Ganja
* Topic for #Ganja is: DO NOT USE THE SPEEDTEST COMMAND!
* Topic for #Ganja set by Anxiety at Sat Oct 06 02:54:30 2012
Opers:
* [Anxiety] ( Anxiety
* [Anxiety]

(Rage bots hosted by Czech Republic Zlin

Server:
Port: 7777
Channel: #rage
* Topic for #rage is: .b0tk1ller 30 .p2p .rarworm .xpl 75 1 75.x.x.x 3 1 76.x.x.x
* Topic for #rage set by cyberthrill at Wed Oct 03 13:55:03 2012
Nick format: L0v3|fQrHrWbarp
Opers:
* [BGChaser] ( Ares
* [BGChaser] @#rinfo @#binfo #rscan @#rage @#bkiller #b
* [BGChaser] :Server

(voip scanning botnet hosted by United States Missoula Sharktech)

I found this recently and thought it was interesting enough to post. It’s a http controlled botnet used to scan for voip servers.

Malware actions

Tells the C&C server it has installed
208.98.52.163/90/getip.php?action=live

Requests an IP segment to scan
208.98.52.163/90/getip.php?action=get

Downloads and installs Python (needed for the scanner)
hxxp://

range to be scanned is confirmed
208.98.52.163/90/insert.php?action=online&computer=USER-PC&range=

utility is downloaded
hxxp://

is downloaded
hxxp://

malware botnet hosted in United States Washington Psinet Inc).
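An added example, not code from the original post: the check-in sequence described above, matched in web proxy logs by script name and action parameter so that a client is flagged once it has been seen in at least two stages. The log layout, the addresses in the sample and the range value are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request shapes from the post, matched on script name and action, not on the C&C address.
STAGES = {
    ("getip.php", "live"): "install check-in",
    ("getip.php", "get"): "scan range request",
    ("insert.php", "online"): "scan range confirmation",
}

# Assumed log layout (constructed): "<timestamp> <client-ip> <method> <url>"
LINE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+)$")

def classify(url):
    """Return (stage, details) if the URL matches a known stage, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    query = parse_qs(parts.query, keep_blank_values=True)
    action = query.get("action", [""])[0].lower()
    stage = STAGES.get((script, action))
    if stage is None:
        return None
    details = {k: query[k][0] for k in ("computer", "range") if k in query}
    return stage, details

def scan(lines):
    """Group matching requests by client; keep clients seen in two or more stages."""
    hits = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, client, _method, url = m.groups()
        found = classify(url)
        if found:
            hits.setdefault(client, []).append((ts, *found))
    return {c: ev for c, ev in hits.items() if len({e[1] for e in ev}) >= 2}

# Constructed sample proxy log; all addresses are documentation ranges.
SAMPLE = """\
2012-10-09T10:00:01Z 192.0.2.10 GET http://198.51.100.7/90/getip.php?action=live
2012-10-09T10:00:03Z 192.0.2.10 GET http://198.51.100.7/90/getip.php?action=get
2012-10-09T10:00:09Z 192.0.2.10 GET http://198.51.100.7/90/insert.php?action=online&computer=USER-PC&range=203.0.113
2012-10-09T10:01:00Z 192.0.2.22 GET http://example.com/getip.php?action=live
""".splitlines()

if __name__ == "__main__":
    for client, events in scan(SAMPLE).items():
        print(client, [stage for _ts, stage, _details in events])
```

The `computer` and `range` values captured from the confirmation request identify the affected host and the segment it was assigned.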

