[botnets] Infection in progress

Mon, 16 Jul 2007 18:27:27 -0700 

To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
----------
Hi
This is an extract from a monitoring log
The Time Zone is CET -9

I do have the executables, delivered to Virustotal.com

========================================================================
====================
07-13-2007      14:58:55
;85.17.168.140:/svhost/main.php?status=mainstring
07-13-2007      14:58:56
;85.17.168.140:/main.php?status=mainstring
07-13-2007      14:59:08
;85.17.168.140:/svhost/main.php?status=iframes
07-13-2007      14:59:08
;80.237.211.63:/as_noscript.php?name=poolinstok
07-13-2007      14:59:09        ;85.17.168.140:/svhost/stats.php
07-13-2007      14:59:23        ;85.17.168.140:/install/wr-1-0000077.exe
07-13-2007      14:59:31        ;194.90.224.86:/retadpu.exe
07-13-2007      14:59:32        ;194.90.224.86:/retadpu.exe?c74c45f8
07-13-2007      14:59:32        ;194.90.224.86:/retadpu.exe
07-13-2007      15:03:29
;82.98.235.70:/443?sid=2D545A5A4F1F545B365C36593651505A363A0C1B1F000A0C4
939080A02495D4F0A000D54285A2A585D585C2F28282D595D585C5A285C2B5F2D5C5A515
E5C505D5B5F5D2D4F081D542F5E5E5F285C2A2A5A58512D58582D2A515F592C2F5F5E5A5
1502F2F2F2F2F2F4F131854584F1D1954594F080
07-13-2007      15:07:30
;194.126.193.157:/browser.php?a=143851525&b=5c874145b8f9d9c82980c3baf610
c6ba90982d8256f158b94a3f274540ce72dc&c=5003&d=0&e=--&f=0&g=30&h=0&i=0&j=
242340
07-13-2007      15:08:20
;194.126.193.155:/nrjs/chk/2b1f7329e27dc7a57219f1db7e770aa9cb0c33ef0c686
bd877a515291a5a6d00
07-13-2007      15:08:20
;194.126.193.155:/nrjs/chk/2b1f7329e27dc7a57219f1db7e770aa9cb0c33ef0c686
bd877a515291a5a6d00
07-13-2007      15:08:20        ;207.68.183.32:/
07-13-2007      15:08:20        ;69.20.25.92:/GetAd/tekID58.ini
07-13-2007      15:08:20        ;69.20.25.92:/uttc/udata2.txt
07-13-2007      15:08:20
;8.255.51.252:/br/hp/en-us/css/26/override.css
07-13-2007      15:08:20
;8.255.51.252:/br/hp/en-us/css/20/ushp.css
07-13-2007      15:08:20        ;8.255.49.252:/br/hp/en-us/js/18/hptg.js
07-13-2007      15:08:21        ;69.20.25.92:/ax/tk58.exe
07-13-2007      15:08:24        ;193.189.93.14:/tmc/to.php?id=VSLYL
07-13-2007      15:08:24        ;69.20.25.92:/GetAd/tekID58.ini
07-13-2007      15:08:24        ;8.255.50.252:/library/dap.js
========================================================================
====================

John


_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement 
upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets

Reply via email to