Tuesday, April 19, 2011

Analysis of Skunkx DDoS Bot

The bot’s capabilities include:
  • Perform DDoS attacks: UDP floods, SYN floods, HTTP floods, and Slowloris attacks
  • Detect some analyst tools (Commview, TCPView, and Wireshark) and platforms (QEMU, VMWare, VirtualPC)
  • Spread over USB, MSN, YahooMessenger
  • “Visit” sites, speedtest
  • Download and install, update, and remove arbitrary software
  • Detect and stop DDoSer, Blackshades, Metus and IRC bots on the box; it apparently can speak “DDoSer” too
  • Spread as a torrent file
  • Steal logins stored in the SQLite DB by Mozilla

Full Analysis by Jose can be found at arbor

No comments: