btcguild.com (Bitcoin miner botnet hosted in United States, Dallas, Ebl Global Networks Inc.)

URL:
hxxp://btcguild.com:8332/  
hxxp://btcguild.com:8332 -u chakan_1 -p 123
hxxp://btcguild.com:8332 -u graskla_1 -p 123

DATA:
POST / HTTP/1.1
Authorization: Basic Y2hha2FuXzE6MTIz
Content-Length: 43
User-Agent: Ufasoft bitcoin-miner/0.20 (Windows NT XP 5.1.2600 Service Pack 3)
Host: btcguild.com:8332
Cache-Control: no-cache

{"method": "getwork", "params": [], "id":0}

Actions Detected:
Creates autorun records
Injects code into other processes
Patches system files

Samples:
hxxp://193.107.18.123/1.exe
hxxp://193.107.18.123/2.exe

Hosting info:
http://whois.domaintools.com/198.154.98.210
