microsoft-ftp.com(CCTEAM botnet hosted in Russian Federation Moscow State Institute Of Information Technologies And Telecommunications (siit&t Informika))

By Pig, October 14, 2011

Resolved : [microsoft-ftp.com] To [85.143.50.132]

Remote Host Port Number
201.151.191.146 21
201.151.191.146 80
204.0.5.57 80
85.143.50.132 80

USER microsoft
JOIN #L0bby 9208i1533G
MODE #L0bby
PRIVMSG #L0bby :I’m New 0wned Bot
PRIVMSG #L0bby :USB Spread file not found in my system. Downloading now…
PRIVMSG #L0bby :Starting download… (Total size: 1.22MB)
PRIVMSG #L0bby :Download of disk.exe completed in 3.61 seconds.
NICK D1|XP|0-3|KCPLF
USER b4h8d0 0 * :Uptime 3mins 22secs
NICK D1|XP|0-3|RPKGW
USER h6e8l5 0 * :Uptime 2mins

Mirc bots spreading via usb
exe file here:http://610af5b6.tubeviral.com

hosting infos:
http://whois.domaintools.com/85.143.50.132

Categories: Uncategorized

Previous post208.117.34.14(ngrBot hosted in United States Laird Hill Steadfast Networks)

Next postsean06.com(ngrBot hosted in Canada Zenkis.ca)