Wednesday, August 22, 2007

The Nuclear Malware Kit

Web-based C&C malware kits are already a commodity, and with the source code of MPack and IcePack freely available in the wild, modifications of the kits with far more advanced features will sooner or later get released. But what is prompting the botnet masters' interest in a web interface to their fast-flux networks, and in in-depth statistics for the infected hosts? It's a results-oriented mindset, and the core objective of achieving malicious economies of scale. What does this mean from a psychological point of view? It means that even before launching a mass-spreading attack they've already anticipated its success, so more effort goes into assessing which campaigns are the most effective, which countries are prone to malware infections, and which specific browser vulnerabilities were used, in order to tailor even more successful attacks in the future.

When looking at screenshots of stats like these, you realize that browser and client-side vulnerabilities are, in principle, the infection vector of choice, especially the unpatched ones: in the latest wide-scale IFRAME attacks we've seen in the past six months, all the malware kits were using outdated browser vulnerabilities and, despite that, achieved enormous success.

More screenshots of a previous version of the Nuclear Malware Kit - yet another web-based C&C available for sale:
- Infections per browser
- Infections per OS
- Infections per country

Related posts:
The Black Sun Bot - web based malware
The Cyber Bot - web based malware
Malware Embedded Sites Increasing
Botnet Communication Platforms
OSINT Through Botnets
Corporate Espionage Through Botnets