To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
I'm not sure if some of these have already been mentioned.
1)
nepenthes-a30ddbb3d3e45b0f5bf6c63e26dc13c9-Sound.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen6 (Signature: W32/SDBot.YNE)
* MD5 hash: a30ddbb3d3e45b0f5bf6c63e26dc13c9.
[ Network services ]
* Looks for an Internet connection.
* Connects to "reptile.locean-indien.com" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname NeT803400248.
* IRC: Uses username htpserldooa.
* IRC: Joins channel ##Rx-AsN## with password #Rx-AsN#.
* IRC: Sets the usermode for user NeT803400248 to -x+iB.
2)
nepenthes-7dc73bfa4d78284155dd5101991eeb34-index.html : [SANDBOX]
contains a security risk - W32/Malware (Signature: W32/Smalldrp.FDM)
* MD5 hash: 7dc73bfa4d78284155dd5101991eeb34.
[ Network services ]
* Connects to "symantec.loves.the.cock.pheer.biz" on port 18067 (TCP).
* Sends data stream (13 bytes) to remote address
"symantec.loves.the.cock.pheer.biz", port 18067.
* Connects to IRC Server.
* Connects to "owjgp.game2max.net" on port 18067 (TCP).
* Sends data stream (13 bytes) to remote address
"owjgp.game2max.net", port 18067.
3)
nepenthes-195ef8c9328fab28b474c20edc3f7d3e-wvemsgr.exe : [SANDBOX] contains a
* MD5 hash: 195ef8c9328fab28b474c20edc3f7d3e.
[ Network services ]
* Looks for an Internet connection.
* Connects to "getsome.minilauncher.net" on port 65267 (TCP).
* Connects to IRC Server.
4)
nepenthes-9e2acfb52bd3844c1de0f6bc1f78ffe2-asn.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature:
W32/Spybot.AHDO)
* MD5 hash: 9e2acfb52bd3844c1de0f6bc1f78ffe2.
[ Network services ]
* Looks for an Internet connection.
* Connects to "dynamic1082.amdwebhost.com" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses password R4DRR4KZ6ZD3.
* IRC: Uses nickname aSNa-8034002.
* IRC: Uses username ezkieyaca.
* IRC: Joins channel #asn with password PdIAykAD.
* IRC: Sets the usermode for user aSNa-8034002 to .
5)
nepenthes-3adad9d9eaaa923d4fdbcdb8e11f94f9-winPE.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature: W32/Pinfi.A)
[ General information ]
* MD5 hash: 3adad9d9eaaa923d4fdbcdb8e11f94f9.
[ Network services ]
* Looks for an Internet connection.
* Connects to "irc.nkclan.net" on port 7007 (TCP).
* Sends data stream (18 bytes) to remote address "irc.nkclan.net",
port 7007.
* Connects to IRC Server.
6)
nepenthes-c3cb486a2abe71534f76fa22bc14f9b7-winmgr.exe : [SANDBOX]
contains a security risk - W32/Backdoor (Signature: W32/Spybot.ACAD)
* MD5 hash: c3cb486a2abe71534f76fa22bc14f9b7.
[ Network services ]
* Looks for an Internet connection.
* Connects to "213.202.229.13" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname akka-803400.
* IRC: Uses username htpserld.
* IRC: Joins channel #akka with password reboot.
* IRC: Sets the usermode for user akka-803400 to -x+B.
7)
nepenthes-bc3318ace8785ae89b36a9d7f049aec8-p.exe : [SANDBOX] contains
a security risk - W32/Spybot.gen2 (Signature: W32/Spybot.AHWD)
* MD5 hash: bc3318ace8785ae89b36a9d7f049aec8.
[ Network services ]
* Connects to "real80.act10l.com.ar" on port 80 (TCP).
* Connects to IRC Server.
8)
nepenthes-04c250c236aae5b7e2dae67c13a54b55-eraseme_00156.exe :
[SANDBOX] contains a security risk - W32/Downloader (Signature:
W32/SDBot.ZFP)
* MD5 hash: 04c250c236aae5b7e2dae67c13a54b55.
[ Network services ]
* Downloads file from http://http.down.love.witlog.net/tds.exe as C:\U.exe.
9)
nepenthes-19f531b289e0a22d3ca7aa6714e65c7b-plscd.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen4 (Signature:
W32/Spybot.AEHU)
* MD5 hash: 19f531b289e0a22d3ca7aa6714e65c7b.
[ Network services ]
* Looks for an Internet connection.
* Connects to "jrbot.kuso-fansub.info" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname aSn-803400248.
* IRC: Uses username ezkieyacagi.
* IRC: Joins channel #!asn! with password getfucked.
* IRC: Sets the usermode for user aSn-803400248 to -x+iB.
10)
nepenthes-a18949e4c5b1b04168edae841524f46b-valuex.exe : [SANDBOX]
contains a security risk - W32/Malware (Signature: W32/Spybot.ABYM)
* MD5 hash: a18949e4c5b1b04168edae841524f46b.
[ Network services ]
* Looks for an Internet connection.
* Connects to "samba.core1.info" on port 10362 (TCP).
* Connects to IRC Server.
11)
nepenthes-80927bad81f9cde6f77d6a6dd9a642d8-winfixup.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature:
W32/Spybot.AGYF)
* MD5 hash: 80927bad81f9cde6f77d6a6dd9a642d8.
[ Network services ]
* Looks for an Internet connection.
* Connects to "home.paltalkdc.com" on port 7000 (TCP).
* Connects to IRC Server.
12)
nepenthes-195ef8c9328fab28b474c20edc3f7d3e-wvemsgr.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen4 (Signature:
W32/Spybot.AFHF)
* MD5 hash: 195ef8c9328fab28b474c20edc3f7d3e.
[ Network services ]
* Looks for an Internet connection.
* Connects to "getsome.minilauncher.net" on port 65267 (TCP).
* Connects to IRC Server.
13)
nepenthes-031e9668549ae3de7295bf20d4ababa1-laordewll.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature: W32/Ircbot.AAY)
* MD5 hash: 031e9668549ae3de7295bf20d4ababa1.
[ Network services ]
* Looks for an Internet connection.
* Connects to "der.ifconfig.us" on port 7000 (TCP).
* Connects to IRC Server.
14)
nepenthes-2c84c2f9733d19bf1298307fa6ff779c-ohndddo.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature:
W32/Spybot.AHDB)
* MD5 hash: 2c84c2f9733d19bf1298307fa6ff779c.
[ Network services ]
* Looks for an Internet connection.
* Connects to "dem3ntedfreaks.net" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname ezkieyacagiz.
* IRC: Uses username ezkieyacagiz.
15)
nepenthes-382ca8e9409673715dedb98b38d85f58-USBhardware9.exe :
[SANDBOX] contains a security risk - W32/Spybot.gen2 (Signature:
W32/Spybot.VNS)
* MD5 hash: 382ca8e9409673715dedb98b38d85f58.
[ Network services ]
* Connects to "tigroulaki.ugly.as" on port 3267 (TCP).
* Connects to IRC Server.
16)
nepenthes-fdef4b3c49706959cbdf41c755070fc1-msvpn.exe : [SANDBOX]
contains a security risk - W32/Malware (Signature: W32/Spybot.AGSB)
* MD5 hash: fdef4b3c49706959cbdf41c755070fc1.
[ Network services ]
* Connects to "irc.suckmynuts.org" on port 2715 (TCP).
* Connects to IRC Server.
17)
nepenthes-f16800dea64522d686d88e67c7b02597-sysinfo.exe : [SANDBOX]
contains a security risk - W32/Malware (Signature: W32/Spybot.ABON)
* MD5 hash: f16800dea64522d686d88e67c7b02597.
[ Network services ]
* Connects to "n0n0.d0d0n0.info" on port 8585 (TCP).
* Connects to IRC Server.
18)
nepenthes-dfa289dd1292fc6142e403b51d538c7d-iexplorers.exe : [SANDBOX]
contains a security risk - W32/Malware (Signature: W32/Spybot.AEWP)
* MD5 hash: dfa289dd1292fc6142e403b51d538c7d.
[ Network services ]
* Looks for an Internet connection.
* Connects to "forum.ednet.es" on port 8080 (TCP).
* Connects to IRC Server.
19)
nepenthes-e53cb0b03d39aec6376db9500cc3f966-scorti.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature:
W32/Spybot.AAUP)
* MD5 hash: e53cb0b03d39aec6376db9500cc3f966.
[ Network services ]
* Looks for an Internet connection.
* Connects to "manz.urshell.com" on port 7000 (TCP).
* Connects to IRC Server.
20)
nepenthes-1472561f918ef20af12e82a735cc5b64-update32.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature:
W32/Spybot.ABQJ)
* MD5 hash: 1472561f918ef20af12e82a735cc5b64.
[ Network services ]
* Looks for an Internet connection.
* Connects to "xfriends.devilslife.com" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname xXx-004472890.
* IRC: Uses username auafsqhguvv.
* IRC: Joins channel #xXx# with password XRealm.
* IRC: Sets the usermode for user xXx-004472890 to +x.
21)
nepenthes-ff13f42c816eea68c9abf03f4544f39f-ntsf.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen3 (Signature:
W32/Spybot.AHSL)
* MD5 hash: ff13f42c816eea68c9abf03f4544f39f.
[ Network services ]
* Looks for an Internet connection.
* Connects to "213.202.205.171" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses password eddyeguerrero77.
* IRC: Uses nickname [TheCroWCRe]-803400.
* IRC: Uses username ezkieyac.
22)
nepenthes-cc95b4224748a4886daa78487a40b8ed-lssas.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen7 (Signature:
W32/Spybot.AHTV)
* MD5 hash: cc95b4224748a4886daa78487a40b8ed.
[ Network services ]
* Looks for an Internet connection.
* Connects to "online.ircstyle.net" on port 6667 (TCP).
* Connects to IRC server.
* IRC: Uses nickname GurL80340024.
* IRC: Uses username ezkieyacag.
* IRC: Joins channel ##rrxx with password li.
* IRC: Sets the usermode for user GurL80340024 to -x+B.
23)
nepenthes-6d8e44cf7e66e01a5c29bef865ef4510-mssh32.exe : [SANDBOX]
contains a security risk - W32/Spybot.gen7 (Signature: NO_VIRUS)
* MD5 hash: 6d8e44cf7e66e01a5c29bef865ef4510.
[ Network services ]
* Looks for an Internet connection.
* Connects to "dd0s.ns0.it" on port 3000 (TCP).
* Connects to IRC Server.
_______________________________________________
botnets mailing list
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets