*** IP: 64.202.107.25, DNS: brawl.izthewiz.net
64.202.107.25:15433
EXE URLs: http://www.facebook-photo.net/images/pic9523846/
http://softwareshouse.com/clown/load.exe (bot)
C&C Server
USER R9aOi0GUERM1 qqljkaxf qqljkaxf qqljkaxf qqljkaxf
NICK: B13|NEW|USA|2K|VMDQVHTCZPK60U4
Channel: ##XTC##
JOIN: WwUd1X89I0 ##XTC## ........................
Topic:##XTC##:+BLZbopuX!bTgF6.hUEd71rSW9r06R5fL0EgKAq1IEXE5.Zp.1A05DyN7.Zsbd.!
Auto-startup path: installs as a service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blazedworm]
Type = 0x00000001
Start = 0x00000003
ErrorControl = 0x00000000
ImagePath = "%System%\drivers\blazedworm.sys"
DisplayName = "blazedworm Driver"
Dropped executables:
C:\Documents and Settings\User\Application Data\WinNT\winlogon.exe
C:\Documents and Settings\User\Desktop\blazedworm.sys
C:\RECYCLER\blazewrm.vmx
More detail:
http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FBLAZEBOT%2EA&VSect=T
Thursday, June 25, 2009
brawl.izthewiz.net (Blazebot) code by crim
Posted by Role at 9:18 PM