Category Archives: ZeroAccess Botnet

HISTORICAL Malware Sample – ZA/ZeroAccess/Sirefef – Traffic Sample Indicators Analysis

2012-10-04 00:34:27.740841 IP 192.168.106.131.1164 > 91.242.217.247.53: 25352 op6 [b2&3=0x3625] [40600a] [36508q] [18538n] [27703au][|domain] E..0M………j.[……5…     c.6%….Hjl7(pzb\Y..
2012-10-04 00:34:27.741102 IP 192.168.106.131.1164 > 66.85.130.234.53: 25352 op6 [b2&3=0x3625] [40600a] [36508q] [18538n] [27703au][|domain] E..0M……`..j.BU…..5….c.6%….Hjl7(pzb\Y..
2012-10-04 00:34:27.743925 IP 192.168.106.131.1166 > 91.242.217.247.53: 25352 op6 [b2&3=0x3625] [40600a] [63388q] [18538n] [27703au][|domain] E..0M………j.[……5…yc.6%….Hjl7(pzb….
2012-10-04 00:34:27.744167 IP 192.168.106.131.1166 > 66.85.130.234.53: 25352 op6 [b2&3=0x3625] [40600a] [63388q] [18538n]…

ZeroAccess/Sirefef P2P Trojan Rootkit Botnet Clickfraud Module for Dailyrx

2012-10-04 01:34:27.552176 IP 192.168.106.131.1161 > 8.8.8.8.53: 13107+ A? promos.fling.com. (34) E..>M………j……..5.**.33………..promos.fling.com…..
2012-10-04 01:34:27.602073 IP 8.8.8.8.53 > 192.168.106.131.1161: 13107 1/4/0 A 208.91.207.10 (128) E………xm……j..5……33………..promos.fling.com…………..,…[. ………,…ns1.dpnet………..,…ns2.B………,…ns4.B………,…ns3.B
2012-10-04 01:34:27.640903 IP 192.168.106.131.1162 > 208.91.207.10.80: Flags [S], seq 746089442, win 64240, options [mss 1460,nop,nop,sackOK], length 0 E..0M.@….J..j..[. …P,xk…..p… h……….
2012-10-04 01:34:27.682541 IP 208.91.207.10.80 > 192.168.106.131.1162: Flags [S.], seq 836904329, ack…

ZeroAccess/Sirefef Peer-to-Peer Botnet 16464/UDP Beacon and www.e-zeeinternet.com Counter Malware

2013-02-03 21:30:51.276294 IP 172.16.253.132.1047 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158 E….:@…^n…..D ….P.._.DB&kP…….GET /count.php?page=952000&style=LED_g&nbdigits=9 HTTP/1.1 Host: www.e-zeeinternet.com User-Agent: Opera/10 (Windows NT 5.1; US; x86) Connection: close
2013-02-03 21:30:51.276372 IP 172.16.253.132.1049 > 209.68.32.176.80: Flags [P.], seq 1:159, ack 1, win 64240, length 158 E….;@…^m…..D ….P 172.16.253.132.1047: Flags [.], ack 159, win…
