The bot’s capabilities include:
- Perform DDoS attacks: UDP floods, SYN floods, HTTP floods, and Slowloris attacks
- Detect some analyst tools (CommView, TCPView, and Wireshark) and platforms (QEMU, VMware, Virtual PC)
- Spread over USB, MSN, Yahoo Messenger
- “Visit” sites, speedtest
- Download and install, update, and remove arbitrary software
- Detect and stop DDoSer, Blackshades, Metus and IRC bots on the box; it apparently can speak “DDoSer” too
- Spread as a torrent file
- Steal logins stored in the SQLite DB by Mozilla
The full analysis by Jose can be found at Arbor.