powdereddoughnut.com - hosting small ZeuS botnet
220.127.116.11 - JumpLine, US, Ohio
Domain has Whois protection
Targets include VN and AE .gov sites
POP3 and HTTP credentials, no banking credentials seen
ZeuS C&C login:
42 bots - why you so shitty and small?
OS Statistics to show what systems get hit.
Note: Win7 x64
Someone left a sandy sea shell on your sea shore...
Shared hosting - wtf, really?
$ uname -a
Linux cpanel03.myhostcenter.com 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
uid=33351(powdered) gid=33355(powdered) groups=33355(powdered)
Reported abuse to:
postmaster( a t )myhostcenter.com
compliance( a t )opensrs.org