What are cybercrime-facilitating programmers up to when they’re not busy fulfilling custom orders? Releasing DIY (do-it-yourself) user-friendly tools allowing anyone an easy entry into the world of cybercrime, and securing their revenue streams thanks to the active advertisements of these tools across closed cybercrime-friendly Web communities.
In this post, I’ll profile a recently advertised DIY HTTP-based botnet tool that allows virtually anyone to operate their own botnet.
More details:
Sample login page of the DIY HTTP-based botnet tool:
Sample statistics page:
As you can see in the attached screenshot, the botnet master has already managed to infect 232 hosts, 130 of which are based in Spain and are running Windows XP.
Sample commands list:
Sample commands list, part two:
The bot has a built-in pharming feature, a bit of an outdated approach for stealing accounting data compared to modern crimeware releases, but still highly effective on hosts where the user isn’t aware of how the process actually works.
Sample settings page:
Actual description of the DIY HTTP-based botnet tool:
Coded in Visual Basic Script 6.0
Connect:
* – Domain 4 connections
* – Mutex Anti double execution
* – Access Key Exe (Server with password)
* – Anti-analyzers (10-20 Pc locked, USA, ROMANIA, CHINA, GERMANY, ETC)
* – Description of the server for updates (Register exe version)
* – Melt function
* – Connection time 120 seconds (more than 1GB RAM VPS-10k)
Build options:
* – Download and run hidden mode
* – Upgrading Server (Need key exe) ‘download the new server.exe eliminating the current to be replaced by the new volk or some other botnet, the volk will be removed from windows start.
* – Remove Bot
Explorer options:
* – Navigate Website (Visible) ‘bots visit a url with the default explorer
* – Visit the website (Hidden) ‘bots visit a url in hidden mode
Banking Options:
* – Hosts Pharming (win32) ‘Bots are modified for visiting fake web ip / domain
WebPanel Options:
* – Command (Run Command) ‘is run by Bots, Shuffle, Country, Builder, Operating System or all bots
* – Setting User: Option to change password webpanel add user permissions, manager or just modding
* – BOTLIST: Displays the name of Bot, IP, COUNTRY, OPERATING SYSTEM, BUILD, AND LAST CONNECTION INFO EXE.
* – Statistics: Displays total bots, bots online, Offline Bots, Bots concect.
We’ll continue monitoring the development of this emerging ecosystem trend, and post updates as soon as new developments emerge.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.