dinosaur.no-ip.org (Andromeda and barracuda http botnets hosted by Russian Federation Moscow Pallada Web Service Llc)

Resolved dinosaur.no-ip.org to

I’ve been watching the barracuda for a while, and when I saw it load the andromeda I decided to post them both.

Andromeda
Server: dinosaur.no-ip.org
Gate file: /andr/image.php

Plugins
Rootkit: dinosaur.no-ip.org/andr/r.pack
Socks: dinosaur.no-ip.org/andr/s.pack
Formgrabber: dinosaur.no-ip.org/andr/f.pack
Gate file: dinosaur.no-ip.org/andr/fg.php

Barracuda http
Server: dinosaur.no-ip.org
Gate file: dinosaur.no-ip.org/drgordon512/bot.php

Here are some

boat.trixi-diablolik.com (irc botnet hosted in United States Baltimore Gandi Us Inc.)

This server is owned by a Serbian skid.

Root Map: irc.MiloDjukanovic.net (9) Numeric ID:

I don’t have the executable to find channels, so feel free to post them here if you find them.

server: boat.trixi-diablolik.com
port: 6667

PASS 0
NICK [A|W_XP|x32|1]gjywth
USER 14628 8 * :41909

Local users: Current Local Users: 9 Max: 1017
Global users: Current Global Users:

(Andromeda http botnet hosted by Romania Voxility S.r.l.)

The laziest skids don’t even bother getting a domain at all. Why hello Nicolas Moses. What do you have for us today? It’s andromeda again, this time hosted on a Windows VPS.

Server:
Gate file: /andro/image.php

EDIT: Oh hey, bitcoin mining. Glad to see you’re still keeping the same old password.

daily500:nigger123456@pool.bitclockers.com:8332

Also a

uberchat.no-ip.biz (Andromeda http botnet hosted by Romania Voxility S.r.l.)

Resolved uberchat.no-ip.biz to

Yet another cracked andromeda. Skids don’t even bother to get a real domain for it.

Server: uberchat.no-ip.biz
Gate file: /chat/image.php

Clicking on adf.ly links, someone’s clearly trying to make some big bucks.

public void adfly()
{
    this.WebBrowser1.Navigate("http://adf.ly/FHZcZ");
}

Hosting infos: http://whois.domaintools.com/

keep.hustling4life.biz (Bitcoin mining pool for botnet)

Resolved keep.hustling4life.biz to,,

Someone is trying to get some mining done before the mining reward drops I guess. The file is from an already posted botnet.

* Topic for #mr is: !dl hxxp://
* Topic for #mr set by test at Mon Nov 26 04:52:40 2012

Server: keep.hustling4life.biz
Port: 2142

Mining information:

suckmadick.in (irc botnet hosted by Germany Karlsruhe 1&1 Internet Ag)

Resolved suckmadick.in to

Server: suckmadick.in
Port: 5050

Channel: #m
Topic for #m is: .j #send .j #st .d /100/97/111/124/49/59/47/48/60/38/37/19/33/49/51/32/60/49/41/62/101/119/56/105/103/109/
Topic for #m set by x at Sat Nov 24 10:21:05 2012

Channel: #send
Topic for #send is: .s.on /100/97/111/124/49/59/47/127/124/127/58/64/127/122/102/114/119/114/112/112/114/116/101/34/124/103/104/10/115/103/52/117/91/109/ /100/97/111/124/49/59/47/127/124/127/58/64/127/122/102/114/119/114/112/112/114/116/101/34/124/103/104/10/ 204 f9555c
Topic for #send set by x at Sat Nov 24 13:15:33