Sampling malicious activity through the eyes of the cybercriminal, is always beneficial in the context of timely spotting valuable trends and fads within the ecosystem, given a decent sample of malicious activity is obtained.
In this post, we'll review a new DDoS bot on the block - "Snap".
This modular bot differentiates itself by offering the ability to choose between different modules to be added to the final package, and by allowing to perform to "proprietary" DDoS functions, namely the TurboSYN, and TrafficDDoS. Next to its core DDoS functionality, the coder of the bot is differentiating by offering Form Grabbing; Reverse Socks; MailSpamming; IM-Spamming and Exploits launching functionality.
More details from the actual proposition:
[+] language the bot is coded in : mASM
[+] no external depencies, no run times , no frame works!
[+] Ability to work with roaming user accounts
[+] modularized structure of the bot
[+] Second Backup Service watch process Activity and restart bot on fail over
[+] User Mode r00tkit
-> [+] run's as a service and hides itself
-> [+] hides & protect root process
-> [+] hides & protect files
-> [+] hides the root processes
-> [+] hides already used local&remote TCP Port(s)
-> [+] hides already used local&remote UDP Port(s)
-> [+] hides already used regkey's
[+] semi polymorphic architecture
-> [+] uses random legit process, file & service names
-> [+] generates a unique stub every run
[+] bot doesn't use eof, has no import table, doesnt need relocation and tls section => very good crypter support
[+] Unicode support for Asian pcs
[+] detects common sandboxes, virtual OSs, emulators, and analysis tools
[================[ Webpanel ]==--
[+] the webpanel is developed with dreamweaver cs5 and ajax framework using mysql and php
[+] multi theme support available
[+] multi command support => every victim can do as many threads as you want it to
[+] reliable protocol which creates the lowest possible server load
[+] modularized structure of the bot
[===[ Modules ]==--
[+] Base price (Core) for 250$
Loader:
[+] Load module (simple) +0$
[+] Load module (extended) for 50$
Proxy:
[+] Socks5 Deamon for 50$
[+] reverse Socks 4/Socks 4a/Socks 5/ HTTP(s) for 150$
DDoS:
[+] DDoS Module (http/syn) for 50$
[+] DDoS Module (full) for 100$
DDoS(full) + Load module (extended) + Socks5 Deamon for 400$
Related posts:
Coding Spyware and Malware for Hire
Will Code Malware for Financial Incentives
E-crime and Socioeconomic Factors
Web Based Botnet Command and Control Kit 2.0
This post has been reproduced from Dancho Danchev's blog. Follow him on Twitter.
No comments:
Post a Comment