| Officially in the wild. No name as of yet but it looks to be building a Botnet. Heres what is known.
Filename: wgareg.exe, MD5: 9928a1e6601cf00d0b7826d13fb556f0 (this is the bot)
Incoming traffic on 445/TCP but there is a lot of background noise on that port.
Outgoing traffic to bniu.househot.com:18067 (Command and Control center, multiple IPs, IRC)
Outgoing traffic to port 445/TCP (scanning for victims and exploiting them)
__________________
The real treasure is in the hunt... |