Saturday, December 28, 2013

ZeuS botnet - powdereddoughnut.com

More work on the ZeuS Tracker C&Cs 

powdereddoughnut.com - hosting small ZeuS botnet
199.204.248.103 - JumpLine, US, Ohio
Domain has Whois protection

Targets include VN and AE .gov sites
POP3 and HTTP credentials, no banking credentials seen



Config f8e2d5d42364f80332c7661dd5fbe4a3



ZeuS C&C login:



breaking...



Summary:
42 bots - why you so shitty and small?


OS statistics, to show which systems get hit.
Note: Win7 x64


Someone left a sandy sea shell on your sea shore...


Shared hosting - wtf, really? 



$ uname -a
Linux cpanel03.myhostcenter.com 2.6.32-358.6.2.el6.x86_64 #1 SMP Thu May 16 20:59:36 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux

$ id
uid=33351(powdered) gid=33355(powdered) groups=33355(powdered)




bot_uninstall



Reported abuse to:
postmaster( a t )myhostcenter.com
compliance( a t ) opensrs.org
