Log In         


The Nigerian Botnet

']['€AM€LiT€ Forum - News, Reports and Alerts

 
AuthorMessage
 Vektor

  2009-08-03
  19:56:49
 
Quote
The trojan is extracted usually by a NSIS installer posted on various forums as %windir%\service.exe (example: warez-bb.org , user: Hazeeeymist - all posts).

  • Botnet server: nigerianx.ishidden.net:9095 (82.146.52.137)
  • Channel: #nigerianererzzz
  • Prefix for bots: [00|USA|*]
  • Login password for bots: nigerian
  • Owners: qmp (qmp!user@uNkn0wn.eu) , itachi (itachi!Neliel.tu.@uNkn0wn.eu) - probably 419.eu was not available when they registered their domain


nigerianx.ishidden.net:9095 wrote:
[21:29] *** Connected
[21:29] *** Joins: Lithium
[21:29] *** Joins: [00!USA!731057]
[21:29] *** Looking up your hostname...
[21:29] *** Found your hostname
[21:29] <82.146.52.137>
               M0dded by uNkn0wn Crew             

          www.uNkn0wn.eu - iD@uNkn0wn.eu          



MOTD File is missing
[21:31] <qmp> .login nigerian
[21:31] <[00!USA!249046]> .::[Main]::. Welcome.
[21:31] <[M00!PRT!51795]> .::[Main]::. Welcome.
[21:31] <[00!ESP!208785]> .::[Main]::. Welcome.
[21:31] <[00!DEU!500321]> .::[Main]::. Welcome.
[21:31] <[M00!USA!79053]> .::[Main]::. Welcome.
[21:31] <[02!USA!204220]> .::[Main]::. Welcome.
[21:31] <[00!GBR!562733]> .::[Main]::. Welcome.
[21:31] <[00!FRA!281034]> .::[Main]::. Welcome.
[21:31] <[00!USA!270603]> .::[Main]::. Welcome.
[21:31] <[00!ESP!964566]> .::[Main]::. Welcome.
[21:31] <[00!USA!508611]> .::[Main]::. Welcome.
[21:31] <[00!BRA!163997]> .::[Main]::. Welcome.
[21:31] <Lithium> .login nigerian
[21:31] <Lithium> .remove
[21:31] <[00!USA!692853]> .::[Main]::. Welcome.
[21:31] <[00!GBR!585683]> .::[Main]::. Welcome.
[21:31] <[00!USA!096497]> .::[Main]::. Welcome.
[21:31] <[00!USA!249046]> .::[Main]::. Welcome.
[21:31] <[M00!PRT!09261]> .::[Main]::. Welcome.
[21:31] <[00!FRA!127329]> .::[Main]::. Welcome.
[21:31] <[M00!PRT!51795]> .::[Main]::. Welcome.
[21:31] <[00!CAN!375128]> .::[Main]::. Welcome.
[21:31] <[00!USA!465837]> .::[Main]::. Welcome.
[21:31] <[00!USA!267524]> .::[Main]::. Welcome.
[21:31] <[00!USA!171077]> .::[Main]::. Welcome.
[21:31] <[00!USA!978698]> .::[Main]::. Welcome.
[21:31] <[00!GBR!813367]> .::[Main]::. Welcome.
[21:31] <[M00!PRT!85667]> .::[Main]::. Welcome.
[21:31] <[00!ESP!208785]> .::[Main]::. Welcome.
[21:31] <[00!COL!832751]> .::[Main]::. Welcome.
[21:31] <[00!DEU!500321]> .::[Main]::. Welcome.
[21:31] <[00!BRA!512004]> .::[Main]::. Welcome.
[21:31] <[04!USA!054569]> .::[Main]::. Welcome.
[21:31] <[00!USA!342272]> .::[Main]::. Welcome.
[21:31] <[M00!ESP!08183]> .::[Main]::. Welcome.
[21:31] <[00!USA!278936]> .::[Main]::. Welcome.
[21:31] <[00!USA!066059]> .::[Main]::. Welcome.
[21:31] <[00!USA!336405]> .::[Main]::. Welcome.
[21:31] <[00!DEU!761753]> .::[Main]::. Welcome.
[21:31] <[00!USA!632950]> .::[Main]::. Welcome.
[21:31] <[00!USA!249777]> .::[Main]::. Welcome.
[21:31] <[00!USA!643125]> .::[Main]::. Welcome.
[21:31] <[00!ITA!469153]> .::[Main]::. Welcome.
[21:31] <[00!USA!598089]> .::[Main]::. Welcome.
[21:31] <[00!NLD!979742]> .::[Main]::. Welcome.
[21:31] <[M00!COL!29607]> .::[Main]::. Welcome.
[21:31] <[00!USA!532588]> .::[Main]::. Welcome.
[21:31] <[M04!GBR!87514]> .::[Main]::. Welcome.
[21:31] <[M00!USA!79053]> .::[Main]::. Welcome.
[21:31] <[00!ESP!304134]> .::[Main]::. Welcome.
[21:31] <[00!USA!641804]> .::[Main]::. Welcome.
[21:31] <[M00!SWE!85936]> .::[Main]::. Welcome.
[21:31] <[00!ESP!079576]> .::[Main]::. Welcome.
[21:31] <[00!USA!866531]> .::[Main]::. Welcome.
[21:31] <[00!USA!710722]> .::[Main]::. Welcome.
[21:31] <[00!USA!971872]> .::[Main]::. Welcome.
[21:31] <[00!USA!220129]> .::[Main]::. Welcome.
[21:31] <[00!USA!955434]> .::[Main]::. Welcome.
[21:31] <[02!USA!977941]> .::[Main]::. Welcome.
[21:31] <[02!USA!204220]> .::[Main]::. Welcome.
[21:31] <[00!USA!565485]> .::[Main]::. Welcome.
[21:31] <[01!USA!976985]> .::[Main]::. Welcome.
[21:31] <[00!USA!659553]> .::[Main]::. Welcome.
[21:31] <[00!GBR!562733]> .::[Main]::. Welcome.
[21:31] <[00!POL!446782]> .::[Main]::. Welcome.
[21:31] <[01!USA!381530]> .::[Main]::. Welcome.
[21:31] <[00!ESP!048482]> .::[Main]::. Welcome.
[21:31] <[M00!BRA!02019]> .::[Main]::. Welcome.
[21:31] <[00!FRA!281034]> .::[Main]::. Welcome.
[21:31] <[00!USA!355410]> .::[Main]::. Welcome.
[21:31] <[00!USA!335055]> .::[Main]::. Welcome.
[21:31] <[01!USA!944409]> .::[Main]::. Welcome.
[21:31] <[00!USA!194430]> .::[Main]::. Welcome.
[21:31] <[04!USA!369683]> .::[Main]::. Welcome.
[21:31] <[M00!USA!72776]> .::[Main]::. Welcome.
[21:31] <[00!USA!618563]> .::[Main]::. Welcome.
[21:31] <[00!USA!341526]> .::[Main]::. Welcome.
[21:31] <[00!DNK!549579]> .::[Main]::. Welcome.
[21:31] <[00!USA!270603]> .::[Main]::. Welcome.
[21:31] <[00!ESP!964566]> .::[Main]::. Welcome.
[21:31] <[00!USA!623120]> .::[Main]::. Welcome.
[21:31] <[00!USA!842066]> .::[Main]::. Welcome.
[21:31] <[00!USA!547095]> .::[Main]::. Welcome.
[21:31] <[00!USA!508611]> .::[Main]::. Welcome.
[21:31] <[M00!USA!01471]> .::[Main]::. Welcome.
[21:31] <[00!POL!269788]> .::[Main]::. Welcome.
[21:31] <[00!USA!502143]> .::[Main]::. Welcome.
[21:31] <[M01!USA!56459]> .::[Main]::. Welcome.
[21:31] <[00!USA!949720]> .::[Main]::. Welcome.
[21:31] <[T01!USA!102215]> .::[Main]::. Welcome.
[21:31] <[00!BRA!163997]> .::[Main]::. Welcome.
[21:31] <[00!PRT!541409]> .::[Main]::. Welcome.
[21:31] <[00!POL!796205]> .::[Main]::. Welcome.
[21:31] <[00!USA!249046]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!978698]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!066059]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[02!USA!204220]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!335055]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!270603]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!547095]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[T01!USA!102215]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!692853]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!GBR!585683]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!096497]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!PRT!09261]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!FRA!127329]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!PRT!51795]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!CAN!375128]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!465837]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!267524]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!171077]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!PRT!85667]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!DEU!500321]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!BRA!512004]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[04!USA!054569]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!342272]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!ESP!08183]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!278936]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!336405]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!DEU!761753]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!632950]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!249777]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!COL!29607]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!532588]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M04!GBR!87514]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!USA!79053]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!ESP!304134]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!641804]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!SWE!85936]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!ESP!079576]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!866531]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!710722]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!971872]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!220129]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!955434]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[02!USA!977941]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[01!USA!976985]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!659553]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!POL!446782]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!ESP!048482]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!BRA!02019]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!FRA!281034]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!355410]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!194430]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[04!USA!369683]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!USA!72776]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!618563]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!341526]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!DNK!549579]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!ESP!964566]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!623120]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!842066]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!508611]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M00!USA!01471]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!POL!269788]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!502143]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[M01!USA!56459]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!949720]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!GBR!813367]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!ESP!208785]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!COL!832751]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!ITA!469153]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!598089]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!NLD!979742]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!565485]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!GBR!562733]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[01!USA!381530]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[01!USA!944409]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!BRA!163997]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!USA!643125]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!PRT!541409]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:31] <[00!POL!796205]> !!!Security!!!. Lamer detected. coming back next reboot, cya.
[21:33] *** Disconnected


nigerianx.ishidden.net:9095 wrote:
[21:40] *** Connecting to nigerianx.ishidden.net:9095...
[21:40] *** Connection refused by target machine
[21:40] *** Connecting to nigerianx.ishidden.net:9095...
[21:40] *** Connection refused by target machine
[21:41] *** Connecting to nigerianx.ishidden.net:9095...
[21:41] *** Connection refused by target machine
[21:43] *** Connecting to nigerianx.ishidden.net:9095...
[21:43] *** Connection refused by target machine


Another botnet I've found has this setup:

  • Server: Biz-dedicated.no-ip.biz
  • Channel: #inject2
  • Nickname format: %[computername][%[random 7]]
  • Login password: jjffxx123
  • Trojan: SetUp.exe
  • Installed driver: ntndis.sys


Last time I checked it there was only 1 bot :)

85.166.96.32:6667 wrote:
:inject!h3llsh4ck3@rox-25BCD1BF.sangtx.dsl-w.verizon.net PRIVMSG #inject2 :!login jjffxx123
:D4JXML91[83906]!123@rox-6D1CE8A5.dyn.optonline.net PRIVMSG #inject2 :You are already loggined as admin -  inject!h3llsh4ck3@rox-25BCD1BF.sangtx.dsl-w.verizon.net

____________________
 Vektor

  2009-08-03
  22:39:58
 
Quote
No-IP Abuse wrote:
Thanks for reporting this, we will get it disabled.


-TE- wrote:
[22:36] <-TE-> The address biz-dedicated.no-ip.biz changed the IP from 85.166.96.32 to 85.166.97.164 (botnet server)
[00:19] <-TE-> The address biz-dedicated.no-ip.biz changed the IP from 85.166.97.164 to 72.5.169.70 (botnet server)
[00:25] <-TE-> The address biz-dedicated.no-ip.biz changed the IP from 72.5.169.70 to 0.0.0.0 (botnet server)
 Vektor

  2009-08-04
  09:15:32
 
Quote
abuse@ispserver wrote:
Server has been stopped

Alexandr, AbuseTeam



82.146.52.137:9095 wrote:
[10:35] *** Connecting to nigerianx.ishidden.net:9095...
[10:35] *** Connected
[10:35] *** Disconnected
[10:38] *** Connecting to nigerianx.ishidden.net:9095...
[10:38] *** Connection timeout
[10:41] *** Connecting to nigerianx.ishidden.net:9095...
[10:41] *** Host unreachable