mikimouse.net (ngrbot irc botnet hosted by yisp.nl)

Resolved mikimouse.net to

Server:  mikimouse.net (Alternate domains mikimouse.org mikispace.org)
Port:  1863
Server password:  jobs
Channel:  #jobs
Topic for #jobs is:
Topic for #jobs set by h at Sat Feb 23 19:28:30 2013

This is the same bot, port and spreading method as a previously posted botnet. However that had been sinkholed so it appears the operators have started off fresh. They are off to a poor start, using a Hackforums .net crypter that breaks bot startup.

Hosting infos: http://whois.domaintools.com/

Chat with a guy who runs it

(11:52:02 PM) hidden: hey bro
(11:52:05 PM) hidden: r u there
(11:52:10 PM) Nraep: yup
(11:52:12 PM) hidden: can u do a favour for me
(11:52:19 PM) Nraep: what?
(11:52:34 PM) hidden: u put my botnet on honeypots
(11:52:47 PM) hidden: can u remove it
(11:52:47 PM) hidden: ?
(11:52:55 PM) Nraep: which one?
(11:53:08 PM) hidden: coz some fucking guys are joined there evry day and spaming mee 
(11:53:20 PM) hidden: some bitchezz like aliss
(11:53:22 PM) hidden: lol
(11:53:23 PM) Nraep: lol
(11:53:27 PM) hidden: chanel #jobs
(11:53:40 PM) hidden: see there witch are with chanel #jobs remove
(11:54:20 PM) Nraep: This one? http://www.exposedbotnets.com/2013/02/mikimousenet-ngrbot-irc-botnet-hosted.html
(11:54:58 PM) hidden: yes
(11:54:59 PM) hidden: bro
(11:55:12 PM) hidden: coz i got to much of dnss there with these infos
(11:55:17 PM) Nraep: So wait, was this yours as well? http://www.exposedbotnets.com/2012/10/venustimeinfopl-ngrbot-irc-botnet.html
(11:55:32 PM) Nraep: same port, bot, etc
(11:55:41 PM) hidden: yes sure
(11:56:05 PM) Nraep: how many bots did you get on that one? you seemed to be spreading like mad
(11:56:15 PM) hidden: 12k
(11:56:31 PM) hidden: i dont spread in last few days
(11:56:34 PM) hidden: coz i dont have time
(11:56:38 PM) hidden: my partner does that
(11:56:46 PM) hidden: the problem is that no good cryptors
(11:56:58 PM) Nraep: yeah, I saw you using a .net one
(11:57:00 PM) hidden: i had with this bin and this method of spread more than 40k
(11:57:04 PM) hidden: but now im lower
(11:57:10 PM) hidden: fuckk
(11:57:46 PM) Nraep: must be getting detected
(11:58:06 PM) hidden: yeah
(11:58:13 PM) Nraep: so do you just do ppi on them?
(11:58:16 PM) hidden: so these are my infos of my bots
(11:58:35 PM) hidden: so pls dont post them if u can :P
(11:58:43 PM) hidden: nothing for now
(11:58:50 PM) hidden: i dont know any good ppi
(11:58:56 PM) hidden: all rippers and noone pays good
(12:00:28 AM) Nraep: it won't do much good to take it down now, everyone who spams you already has the address
(12:01:00 AM) hidden: yes but better to remove it lol
(12:01:14 AM) hidden: also when u see this again dont post me anymore :$
(12:01:24 AM) hidden: i did not saw pig to tell him
(12:01:33 AM) hidden: he will do it im 100000% pretty sure
(12:01:50 AM) Nraep: I'll let him know
(12:01:56 AM) hidden: ok tell him
(12:01:59 AM) hidden: xDrulZ
(12:02:07 AM) hidden: he knows me the albanian guy from skopje
(12:02:07 AM) hidden: ;)
(12:02:13 AM) Nraep: ok
(12:02:41 AM) hidden: ask him to remove post from there and ull get +1 answer
(12:03:13 AM) Nraep: I will
(12:03:21 AM) Nraep: he's not on right now though
(12:03:54 AM) hidden: i got him on msn .. but i think hes not online never
(12:04:06 AM) Nraep: he's usually on irc
(12:04:14 AM) hidden: nerdlife
(12:04:15 AM) hidden: :P
Categories: Uncategorized