Yet another do-it-yourself malware is getting pitched as one with low detection rate due to its proprietary nature, following the logic that based on the fact that few people will have it, it would somehow remain undetected for a longer period of time. The applied logic is however, excluding the possibility of used to recently purchased good as a bargain to obtain or improve the chances of obtaining access to another good or a service in the face of access to a closed for the public forum where exclusive tools and incidents are actively discussed.
How is a seller of yet another DIY malware going to differentiate her market proposition? Adding a service in the form of managing and verifying the buyer's undetected binaries is slowly maturing into what 24/7 customer support service is for most market propositions - a commodity and something that's often taken for granted. In the case of this DIY malware, the author is aiming to differentiate the proposition by also offering the source code of the malware, thus, embracing the open source mentality just like many other malware authors are, believing that innovation will come on behalf of those adding extra features and fixing bugs within the malware - and they are sadly right about the innovation belief. Some features of this malware :
- Stealing an Uploading to a specific FTP ( ICQ, FireFox, WinXP Keys, CD Keys )
- HTTP Get Flooding
- Syn Flooding and IP Spoofing
- Process Hiding without Register Service
- Hides from any kind of Taskmanager : Windows Taskmanager, Security Taskmanager )
- Settings can be changed all time. ( in running bots as well )
- Melting
- Mutexes Checking
- Anti VMware, Anti VPC, Anti Sandboxing, Anti Norman Sandbox
- Settings encrypted with RC-4
- Doesn't need .ocx
- Killing Windows Firewall
It looks and sounds, as a novice malware coder integrating publicly obtainble malware modules, hoping to cash in. Moreover, in regard to open source malware, questioning "Which is the latest version of the MPack web exploitation kit?" is slowly becoming pointless mainly because of the kits' open source nature, and besides localizing them to different languages, their effectiveness is also acting as the foundation for malware kits to come.
Related posts:
DIY Exploit Embedding Tool - A Proprietary Release
DIY Exploits Embedding Tools - a Retrospective
DIY German Malware Dropper
DIY Fake MSN Client Stealing Passwords
A Malware Loader for Sale
Yet Another Malware Cryptor In the Wild
DIY Malware Droppers in the Wild
More Malware Crypters for Sale
A Multi-Feature Malware Crypter
No comments:
Post a Comment