Analysis of Skunkx DDoS Bot

The bot’s capabilities include:

• Perform DDoS attacks: UDP floods, SYN floods, HTTP floods, and Slowloris attacks
• Detect some analyst tools (Commview, TCPView, and Wireshark) and platforms (QEMU, VMWare, VirtualPC)
• Spread over USB, MSN, YahooMessenger
• “Visit” sites, speedtest
• Download and install, update, and remove arbitrary software
• Detect and stop DDoSer, Blackshades, Metus and IRC bots on the box; it apparently can speak “DDoSer” too
• Spread as a torrent file
• Steal logins stored in the SQLite DB by Mozilla

Full Analysis by Jose can be found at arbor