

Newest botneTT of "EliTTe-SquaD"

']['€AM€LiT€ Forum - News, Reports and Alerts

 
 Vektor

  2009-07-10
  20:36:24

 
The old botnet of "EliTTe-SquaD" is long gone. This was its setup:

  • Server address: squadz0r.no-ip.org
  • Server password: elittehacker
  • Channel: #elittesquad
  • Channel key: elittehacker
  • Login password for bots: elittehacker
  • Changed about information: "EliTTeBot" [EliTTeBot 1.0 by nK]
  • Local "author's" path to RxBot project: C:\Documents and Settings\Nykey\Desktop\Rxbot 7.6\


Now they have a new one. These are the new download links for their trojan: http://romania.elitte-squad.ro/Yahoo_ID_Fucker_v1.0.exe , http://romania.elitte-squad.ro/Ip%20Ddos%201.0.exe .

  • Server address: 77.81.83.93:6435
  • Channel: #roman
  • Channel key: muiefmm3826
  • Nickname prefix for bots: [-RoM-]-*
  • Login password for bots: 1010010
  • Changed about information: [A-D-S] [RomaNBoT V 1.o EliTTe-SquaD Made By [-ES-]-DarK_KnighT ]
  • Install location: %systemroot%\winmgr.exe (static)
  • All messages from bots have this prefix: .::[RomaNBoT]::. - even though this bot was modified by an Italian and some commands have Italian names :)
  • Some command names are changed, for example this bot uses op3n instead of open, di3 instead of die, etc.


77.81.83.93 wrote:
[2009-07-10 18:25] *** Connected
[2009-07-10 18:25] *** Joins: Lithium
[2009-07-10 18:25] *** Joins: [-RoM-]-056347
[2009-07-10 18:25] *** Looking up your hostname
[2009-07-10 18:25] *** Checking Ident
[2009-07-10 18:25] *** Couldn't look up your hostname
[2009-07-10 18:25] *** No ident response
[2009-07-10 18:25] <my.server.name> MODE :Register first.
[2009-07-10 18:25] <my.server.name> Welcome to the Internet Relay Network [-RoM-]-056347
Your host is my.server.name, running version beware1.5.7
This server was created Tue Jul 13 2004 at 20:36:07 GMT
my.server.name beware1.5.7 dgikoswx biklmnoprstv
MAP SILENCE=15 WHOX WALLCHOPS WALLVOICES USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=100 MAXBANS=45 :
[2009-07-10 18:25] are supported by this server
[2009-07-10 18:25] <my.server.name> NICKLEN=30 TOPICLEN=160 AWAYLEN=160 KICKLEN=160 CHANTYPES=#& PREFIX=(ov)@+ CHANMODES=b,k,l,rimnpst CASEMAPPING=rfc1459 :are supported by this server
There are 10 users and 0 invisible on 1 servers
1 :channels formed
I have 10 clients and 0 servers
[2009-07-10 18:25] *** [-RoM-]-056347 Highest connection count: 14 (14 clients)
[2009-07-10 18:25] <my.server.name> MOTD File is missing
[2009-07-10 18:25] *** [-RoM-]-056347 on 1 ca 1(4) ft 10(10)
[2009-07-10 18:25] *** Joins: [-RoM-]-441091
[2009-07-10 18:25] *** Joins: [-RoM-]-170045
[2009-07-10 18:25] *** Joins: [-RoM-]-856246
[2009-07-10 18:25] *** Joins: [M][-RoM-]-576652
[2009-07-10 18:25] *** Joins: [-RoM-]-012713
[2009-07-10 18:25] *** Joins: EViL][NiGhT
[2009-07-10 18:25] *** Joins: [-RoM-]-677996
[2009-07-10 18:25] Private message from [-RoM-]-012713: <[-RoM-]-012713> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 18:25] Private message from [-RoM-]-012713: <[-RoM-]-012713> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 18:25] *** Parts: [-RoM-]-012713
[2009-07-10 18:25] Private message from [-RoM-]-056347: <[-RoM-]-056347> !login 1010010
[2009-07-10 18:25] Private message from [-RoM-]-056347: <[-RoM-]-056347> !rem
[2009-07-10 18:25] Private message from [-RoM-]-170045: <[-RoM-]-170045> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 18:25] Private message from [-RoM-]-170045: <[-RoM-]-170045> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 18:25] *** Parts: [-RoM-]-170045
[2009-07-10 18:25] Private message from [-RoM-]-441091: <[-RoM-]-441091> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 18:26] Private message from [-RoM-]-441091: <[-RoM-]-441091> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 18:26] *** Parts: [-RoM-]-441091
[2009-07-10 18:26] Private message from [-RoM-]-677996: <[-RoM-]-677996> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 18:26] Private message from [-RoM-]-677996: <[-RoM-]-677996> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 18:26] *** Parts: [-RoM-]-677996
[2009-07-10 18:26] Private message from [-RoM-]-856246: <[-RoM-]-856246> .::[MaInFrAmE]::. Password Accettata, Welcome to x0n3-Satan.
[2009-07-10 18:26] Private message from [-RoM-]-856246: <[-RoM-]-856246> .::[MaInFrAmE]::. Removing x0n3-Satan.. bye.
[2009-07-10 18:26] *** Parts: [-RoM-]-856246
[2009-07-10 18:39] <my.server.name>
Dark_Knigh dark * :DarK_KnighT
@#roman
my.server.name :I'm too lazy to edit ircd.conf
1361 1247098975 :seconds idle, signon time
End of /WHOIS list.

[2009-07-10 19:27] <my.server.name>
napqqpb dark * :[M][-RoM-]-576652
#roman
my.server.name :I'm too lazy to edit ircd.conf
1012 1247235333 :seconds idle, signon time
End of /WHOIS list.

[2009-07-10 18:39] <my.server.name>
EViL__NiGh 79.116.233.215 * :EViL][NiGhT
#roman
my.server.name :I'm too lazy to edit ircd.conf
8628 1247232037 :seconds idle, signon time
End of /WHOIS list.

[2009-07-10 18:40] *** Joins: [-RoM-]-986814
[2009-07-10 18:41] Private message from [-RoM-]-986814: <[-RoM-]-986814> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 18:41] Private message from [-RoM-]-986814: <[-RoM-]-986814> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 18:41] *** Parts: [-RoM-]-986814
[2009-07-10 18:41] *** Joins: [-RoM-]-314575
[2009-07-10 18:41] <my.server.name>
[2009-07-10 18:41] Private message from [-RoM-]-314575: <[-RoM-]-314575> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 18:41] Private message from [-RoM-]-314575: <[-RoM-]-314575> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 18:41] *** Parts: [-RoM-]-314575
[2009-07-10 18:43] <my.server.name> Channel :Users  Name
#roman 5 :                               [----====EliTTe-SquaD NetworK====----
End of /LIST

[2009-07-10 18:45] *** Joins: StarScream
[2009-07-10 18:45] <my.server.name>
StarScream 79.117.237.100 * :~StarScream
#roman
my.server.name :I'm too lazy to edit ircd.conf
7 1247241012 :seconds idle, signon time
End of /WHOIS list.

[2009-07-10 19:10] <DarK_KnighT> !log
[2009-07-10 19:10] <DarK_KnighT> !login 1010010
[2009-07-10 19:10] <[M][-RoM-]-576652> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 19:10] <DarK_KnighT> !log
[2009-07-10 19:10] <[M][-RoM-]-576652> [LOG]: Begin
[2009-07-10 19:10] <[M][-RoM-]-576652> [07-10-2009 19:15:25] .::[EliTTe-SquaD]::. User: DarK_KnighT logged in .::[EliTTe-SquaD]::.
[2009-07-10 19:10] <[M][-RoM-]-576652> [07-10-2009 17:15:33] .::[EliTTe-SquaD]::. Joined channel: #roman .::[RomaNBoT]::.
[2009-07-10 19:10] <[M][-RoM-]-576652> [07-10-2009 17:15:33] [IDENTD]: Client connection from IP: 77.81.83.93:3851.
[2009-07-10 19:10] <[M][-RoM-]-576652> [07-10-2009 17:15:33] .::[EliTTe-SquaD]::. Connected to 77.81.83.93 .::[EliTTe-SquaD]::.
[2009-07-10 19:10] <[M][-RoM-]-576652> [07-10-2009 17:15:33] .::[IdEnTD]::. Server running on Port: 113 .::[RomaNBoT]::.
[2009-07-10 19:10] <[M][-RoM-]-576652> [07-10-2009 17:15:33] .::[EliTTe-SquaD]::. Bot avviato .::[EliTTe-SquaD]::.
[2009-07-10 19:10] <[M][-RoM-]-576652> [LOG]: List complete.
[2009-07-10 19:12] <DarK_KnighT> DarK_KnighT is kicking [-RoM-]-687225 because: [-RoM-]-687225
[2009-07-10 19:12] *** Disconnected


I wasn't sure that [M][-RoM-]-576652 was a real bot, but as we see DarK_KnighT really infected himself with his trojan.

Quote:
[2009-07-10 19:49] <Lithium> !login 1010010
[2009-07-10 19:49] <[M][-RoM-]-576652> .::[EliTTe-SquaD]::. Parola Corecta, EliTTe-SquaD La Comanda Ta.
[2009-07-10 19:50] <Lithium> !delete c:\boot.ini
[2009-07-10 19:50] <[M][-RoM-]-576652> [FILE]: Deleted 'c:\boot.ini'.
[2009-07-10 19:50] <Lithium> !reboot
[2009-07-10 19:50] <[M][-RoM-]-576652> .::[EliTTe-SquaD]::. Rebooting .::[EliTTe-SquaD]::.


77.81.83.93 wrote:
[2009-07-10 19:52] *** Connecting to 77.81.83.93:6435...
[2009-07-10 19:52] *** Connection timeout


Of course that was an easy fix.

____________________
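
The indicators listed in the post above (bot nickname prefix, `.::[Name]::.` reply banner) can be matched against IRC client or proxy logs. This is an added example, not part of the original post or anyone's tooling; the regular expressions and the `scan` function are assumptions built from the log format quoted above, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Indicators taken from the post above; the regexes themselves are assumptions.
# Nick prefix "[-RoM-]-*"; the logs show digits and an optional "[M]" tag.
BOT_NICK = re.compile(r"^(?:\[M\])?\[-RoM-\]-\d+$")
# Bot replies start with a ".::[Name]::." banner (RomaNBoT, EliTTe-SquaD, ...).
BANNER = re.compile(r"^\.::\[([^\]]+)\]::\.")
# Log line shapes as they appear in the quoted client logs.
JOIN = re.compile(r"^\[[^\]]+\] \*\*\* Joins: (\S+)$")
CHAN_MSG = re.compile(r"^\[[^\]]+\] <([^>]+)> (.*)$")
PRIV_MSG = re.compile(r"^\[[^\]]+\] Private message from (\S+): <[^>]+> (.*)$")

def scan(lines):
    """Return {nick: set(reasons)} for nicks showing bot indicators."""
    hits = defaultdict(set)
    for line in lines:
        line = line.rstrip()
        m = JOIN.match(line)
        if m:
            if BOT_NICK.match(m.group(1)):
                hits[m.group(1)].add("nick-pattern")
            continue
        m = PRIV_MSG.match(line) or CHAN_MSG.match(line)
        if not m:
            continue
        nick, text = m.groups()
        if BOT_NICK.match(nick):
            hits[nick].add("nick-pattern")
        b = BANNER.match(text)
        if b:
            hits[nick].add("banner:" + b.group(1))
    return dict(hits)

# Constructed sample in the same format as the logs quoted in the thread.
SAMPLE = """\
[2009-07-10 18:25] *** Joins: Lithium
[2009-07-10 18:25] *** Joins: [-RoM-]-000001
[2009-07-10 18:25] *** Joins: [M][-RoM-]-000002
[2009-07-10 18:26] Private message from [-RoM-]-000001: <[-RoM-]-000001> .::[EliTTe-SquaD]::. Removing EliTTe-SquaD.. bye.
[2009-07-10 19:10] <[M][-RoM-]-000002> .::[RomaNBoT]::. test
[2009-07-10 19:10] <SomeUser> hello
""".splitlines()

if __name__ == "__main__":
    for nick, reasons in sorted(scan(SAMPLE).items()):
        print(nick, sorted(reasons))
```
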
 [-TE-]-Methodman

  2009-07-11
  21:10:05

 
Quote:
[19:07:01] <my.server.name> Welcome to the Internet Relay Network [-RoM-]-974646
Your host is my.server.name, running version beware1.5.7
This server was created Tue Jul 13 2004 at 20:36:07 GMT
my.server.name beware1.5.7 dgikoswx biklmnoprstv
MAP SILENCE=15 WHOX WALLCHOPS WALLVOICES USERIP CPRIVMSG CNOTICE MODES=6 MAXCHANNELS=100 MAXBANS=45 :are supported by this server
NICKLEN=30 TOPICLEN=160 AWAYLEN=160 KICKLEN=160 CHANTYPES=#& PREFIX=(ov)@+ CHANMODES=b,k,l,rimnpst CASEMAPPING=rfc1459 :are supported by this server
There are 4 users and 0 invisible on 1 servers
1 :channels formed
I have 4 clients and 0 servers
[19:07:01] *** [-RoM-]-974646 Highest connection count: 7 (7 clients)
[19:07:01] <my.server.name> MOTD File is missing
[19:07:01] *** [-RoM-]-974646 on 1 ca 1(4) ft 10(10) tr
[21:01:56] <EViL][NiGhT> !login 1010010
[22:03:58] <EViL][NiGhT> ma
[22:04:01] <EViL][NiGhT> ce pula
[22:04:03] <EViL][NiGhT> mea ai ?
 Max_Mafiotu

  2009-07-20
  10:53:53

 
Lammers Elite-Squad !

____________________
BSD