- Features (finished/in beta):
  - Compatible with all Windows since 2000, x64 and x86
  - The actual bot is never written to disk, but stored encrypted inside the loader and executed in the memory of another process
  - Usermode rootkit:
    - Tested on Windows XP, 7, only x86 (most likely compatible with 2k3 and Vista too, will do tests on this later)
    - Hides files, processes and registry keys
  - Firewall bypassing:
    - as much as is possible without operating from ring0
    - Currently bypasses:
      - AVG Internet Security Pro 2011
      - F-Secure Internet Security 2011
      - Norton Internet Security 2011
      - DefenseWall 3.08
      - Malware Defender 2.7.2.0001
      - Sunbelt Firewall (will delay execution time ~20 seconds)
      - Outpost Firewall Pro\*
      - Kaspersky Internet Security 2011\*
    - \* Firewall is bypassed, but not file protection
    - I'm actively trying to bypass more firewalls, although I want to avoid loading a driver to do so
  - Plugin system
    - The plugins are stored encrypted and are never decrypted on disk; they will be loaded in memory, so AV detection of the plugin is not an issue
    - The actual bot has a few remotely controlled features that are not done through plugins: download, update, remove and of course the ability to start a plugin
  - Digital signing
    - You will have a tool that is used to add a signature to the file that you want to load on the bot
    - The bot will require a digital signature on the files that it's executing, to prevent unauthorized people from loading exes on your bot if, for example, your admin login has been compromised
  - Loading
    - For loading, 2 options exist: the first is using a download command to download a file from an external location, and the other is loading the file directly from the C&C
    - Only the direct loading has statistics (successful loads/failed loads)
    - (you can choose to download the file to memory or to disk)
  - Tasks
    - From the admin interface the features for the tasks are (as seen in screenshot):
      - enabled (self-explanatory, will enable or disable a task)
      - constant (send command/file every time a bot knocks)
      - first knock (this is combined with 'constant', will load repeatedly but only on the first knock\*)
      - Having constant & first knock disabled will only start the task once per bot
      - \* first knock is the first time it connects after it has been rebooted, so it will send the command/file once per session
    - Filters:
      - You can choose to only start a task in certain countries and regions, and also specify a limit
  - USB Spreader
    - A feature built into the bot (enabled through tasks)
    - Will spread through USB devices
- Features (planned)
  - Anti-virus update blocking (will be working on something along the lines of Tughack's AVUB for the most common antivirus)
- Plugins:
  - Spreaders (done/beta/in development):
    - Twitter\*
    - MySpace\* (fc)
    - Hi5\* (fc)
    - ICQ\* (fc)
    - MSN (fc)
    - Skype (fc)
    - \* these spreaders were written earlier this year and might need improvements to work again
    - \* fc = full contact
  - Spreaders (planned):
    - Facebook (wall post)
    - AIM
    - xFire
    - (I'm not planning on making IM spreaders for less popular ones like GTalk, Yahoo, etc.)
  - Other (done/beta/in development)
    - Reverse socks
    - Formgrabbing:
      - The sites to grab will be specified in the panel; it will not grab every site like Zeus and overload the server
    - Sniffer:
      - a sniffer to grab WHM, cPanel and FTP passwords on the fly
    - DDoS:
      - I'm only planning to add HTTP flood, might add other types of floods in the future