Tag: marvid

Betabot botnets linked to hackforums users

If you have been following my posts on this blog, you may have noticed a large number of posts about the “betabot” malware. Betabot is an HTTP bot which is sold on hackforums.net. Despite a number of complaints about serious stability issues, it has become popular with some of the more dedicated script kiddy...

navega.pw (Betabot http botnet hosted by OVH.net)

Resolved navega.pw to 198.245.51.109
Server: navega.pw
Gate file: /b7891/b986/bnav123/mar/360/vid5852/order.php

This is on the same IP as the previously posted Athena IRC botnet, and is one of three betabot botnets hosted on the server, with smalltoys and strike-file-hosting being the other two.

Hosting info: http://whois.domaintools.com/198.245.51.109

Related md5s (search on malwr.com to download the samples):
betabot: a422f5aabc160f5a8dbde033ea9e6d0b

bigtoys.pw (Betabot http botnet hosted by namecheap.com)

Resolved bigtoys.pw to 198.187.28.72
Server: bigtoys.pw
Gate file: /b/order.php
Alternative domain: smalltoys.pw

I wonder who this could belong to?

Name Server:NS2.HOSTING-MARVID.ME
Name Server:NS1.HOSTING-MARVID.ME

An idiot, obviously.

Related md5s (search on malwr.com to download the samples):
Betabot: 2662af32e5d58d471bd16dc3202db284

Hosting infos: http://whois.domaintools.com/198.187.28.72

betabros.in (Several http botnets hosted by hostkey.ru)

Resolved betabros.in to 146.0.78.4
Server: betabros.in
Gate file: /beta/order.php

The owner should keep a closer eye on the fake forum he set up for cover. 1071 pages of pharmacy spam and counting.

Hosting info: http://whois.domaintools.com/146.0.78.4

EDIT: Bitcoin and litecoin mining.

macromedia.exe -a scrypt -o http://us.litecoinpool.org:9332 -u marvid.disfig -p x
shell.exe -o stratum+tcp://stratum.btcguild.com:3333 -u vapor_3 -p x