Cluster S

85 samples (WinXP (100%))

Ports
Infection Listen Egg-download
445 (38%)
139 (19%) 1028 (87%) 445 (65%)
73 (45%)
74 (33%)
139 (33%)

Filenames
Processes Executables
MSMSGS.EXE (100%) index.dat (100%)
firstswin.exe (47%)

Snort IDs
1:1390 (100%)
1:99998 (100%)
1:5001684 (80%)
1:2001683 (73%)
1:2001944 (67%)
1:3000006 (67%)
full list

Network chatter
FTP
pass=1 (100%)
user=1 (100%)
server=NzmxFtpd 0wns j0 (59%)
exec=firstswin.exe (42%)
server=fuckFtpd 0wns j0 (31%)

Static analysis
MD5 Antivirus labels
51be10... (7%)
diversity: 46.2%
full list
vipre (92%)
ircbot (85%)
sdbot (85%)
behav (54%)
heur (46%)
rbot (38%)
full list