On the majority of occasions, malware authors either put efforts into implementing a set of standard features within a malware enabling them to send out spam, use the already infected hosts as future infection and propagation vectors, or entirely outsource the features by releasing the malware as open source one. On the other hand, certain malware authors seem to avoid diversification and tend to stick to core competencies only, in this case a DDoS ready infected host as its only function, thereby decreasing the file size of the malware and sort of improving its stealthiness by putting the infected host in a passive "on demand" state compared to a situation where the host is already sending out spam and phishing emails could be much more easily identified as an infected one and its DDoS capability could turn irrelevant due the malware's multi tasking activities.
This specific DDoS malware kit currently offered for sale includes the standard firewall bypassing and rootkit capabilities, in between offering the possibility for zero day malware on demand once previous instances of the bot in question achieve a high detection rate. Moreover, in between providing custom DDoS capabilities like the ones I discussed in a previous post, it's yet another indication of the ongoing Web-ization of botnet communications which I think is about to replace the default use of the IRC command and control in the long term.
No comments:
Post a Comment