Untitled

a guest
Jun 24th, 2017
Features (finished/in beta):

- Compatible with all Windows since 2000, x64 and x86

- The actual bot is never written to disk, but stored encrypted inside the loader and executed in the memory of another process

- Usermode rootkit:

(Tested on Windows XP and 7, x86 only; most likely compatible with 2k3 and Vista too, will do tests on this later)

Hides files, processes and registry keys

- Firewall bypassing:

As much as is possible without operating from ring0

Currently bypasses:

+ AVG Internet Security Pro 2011
+ F-Secure Internet Security 2011
+ Norton Internet Security 2011
+ DefenseWall 3.08
+ Malware Defender 2.7.2.0001
+ Sunbelt Firewall (will delay execution time ~20 seconds)
+ Outpost Firewall Pro*
+ Kaspersky Internet Security 2011*

* Firewall is bypassed, but not file protection

I'm actively trying to bypass more firewalls, although I want to avoid loading a driver to do so

- Plugin system

The plugins are stored encrypted and are never decrypted on disk; they are loaded in memory, so AV detection of the plugin is not an issue

The actual bot has a few remotely controlled features that are not done through plugins:

download, update, remove and of course the ability to start plugins

Digital signing

You will have a tool that is used to add a signature to the file that you want to load on the bot.
The bot will require a digital signature on the files that it executes, to prevent unauthorized people from loading exes on your bot if, for example, your admin login has been compromised

Loading

For loading, 2 options exist: the first is using a download command to download a file from an external location, and the other is loading the file directly from the C&C

Only direct loading has statistics (successful loads/failed loads)

(you can choose to download the file to memory or to disk)

Tasks

From the admin interface the features for the tasks are (as seen in the screenshot):

enabled - (self explanatory, will enable or disable a task)
constant - (send command/file every time a bot knocks)
first knock - (this is combined with 'constant', will load repeatedly but only on the first knock*)

Having constant & first knock disabled will only start the task once per bot

* first knock is the first time it connects after it has been rebooted, so it will send the command/file once per session

Filters:

You can choose to only start a task on certain countries and regions, and also specify a limit

USB Spreader

A feature built into the bot (enabled through tasks)

Will spread through USB devices

Features (planned)

Anti-virus update blocking (will be working on something along the lines of Tughack's AVUB for the most common antivirus)

Plugins:

Spreaders (done/beta/in development):

- Twitter*
- MySpace* (fc)
- Hi5* (fc)
- ICQ* (fc)
- MSN (fc)
- Skype (fc)

* these spreaders were written earlier this year and might need improvements to work again
* fc = full contact

Spreaders (planned):

- Facebook (wall post)
- AIM
- xFire

(I'm not planning on making IM spreaders for less popular ones like GTalk, Yahoo, etc.)

Other (done/beta/in development)

- Reverse socks
- Formgrabbing:

The sites to grab will be specified in the panel; it will not grab every site like Zeus and overload the server

- Sniffer:

A sniffer to grab WHM, cPanel and FTP passwords on the fly

- DDoS:

I'm only planning to add HTTP flood, might add other types of floods in the future