IRC bot spread via social networks and other factors.
Microsoft description: http://www.microsoft.com/security/porta ... illy_P2P.H
Additional: http://www.exposedbotnets.com/2013/04/x ... otnet.html
Sample: http://vxvault.siri-urz.net/ViriFiche.php?ID=23640
VT:
https://www.virustotal.com/fr/file/fff5 ... 367750452/
https://www.virustotal.com/fr/file/4c48 ... 367149421/
%APPDATA%/svchosts.exe via kernel32.CopyFileA
reg key:
SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\
Then do CreateProcessA with the arg /NEWSHIT
Darkode guys behind these two files.
And probably also Skuffle aka X47.
nmap:* Looking up xkzykxb.biz
* Connecting to xkzykxb.biz (94.242.237.128) port 4723...
* Connected. Now logging in...
*
GARBAGE: 001 server2.x01bkr2.biz
* 002 002 002
* 003 003 003
* 004 004 004
* 005 005 005
* 005 005 005
* 005 005 005
--> Now talking on #o.O
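For defenders, the three host behaviours listed in the post (copy to %APPDATA%\svchosts.exe, the two Run keys, relaunch with /NEWSHIT) can be matched against endpoint telemetry. This is an added example, not part of the original post; the event schema, function names and sample events are assumptions constructed for illustration.

```python
import re

# Indicators are from the post above. The event layout is an assumed,
# simplified Sysmon-like schema, and every sample event is constructed.
RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\policies\explorer\run",
)
# %APPDATA% on Vista+ ("AppData\Roaming") and on XP ("Application Data").
DROPPED = re.compile(
    r"\\(appdata\\roaming|application data)\\svchosts\.exe(?![\w.])", re.I)

def classify(ev):
    """Return the behaviour name an event matches, or None."""
    if ev["type"] == "file_create" and DROPPED.search(ev["path"]):
        return "copy_to_appdata"
    if ev["type"] == "reg_set":
        # endswith() keeps RunOnce and other sibling keys out of scope.
        if ev["key"].lower().endswith(RUN_KEYS) and DROPPED.search(ev["data"]):
            return "run_key_persistence"
    if ev["type"] == "proc_create" and "/newshit" in ev["cmdline"].lower().split():
        return "relaunch_argument"
    return None

def triage(events):
    """Map each host to the sorted list of behaviours seen on it."""
    hits = {}
    for ev in events:
        name = classify(ev)
        if name:
            hits.setdefault(ev["host"], set()).add(name)
    return {host: sorted(names) for host, names in hits.items()}

SAMPLE_EVENTS = [  # constructed for this example
    {"host": "WS01", "type": "file_create",
     "path": r"C:\Users\bob\AppData\Roaming\svchosts.exe"},
    {"host": "WS01", "type": "reg_set",
     "key": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r'"C:\Users\bob\AppData\Roaming\svchosts.exe"'},
    {"host": "WS01", "type": "proc_create",
     "cmdline": r"C:\Users\bob\AppData\Roaming\svchosts.exe /NEWSHIT"},
    {"host": "WS02", "type": "proc_create",
     "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"host": "WS02", "type": "reg_set",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run",
     "data": r"C:\Program Files\Vendor\agent.exe"},
]

print(triage(SAMPLE_EVENTS))
```

The legitimate `svchost.exe` in System32 and the unrelated Run entry on WS02 are deliberately included to show that neither the look-alike filename nor the key alone triggers a match.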