
Botnet controllers are getting quite sophisticated. And, as we can see here, even visually appealing.

Check out this botnet controller that our Adam Thomas just found. 

Here’s the main control page:

[Screenshot: main console]

Here’s the reports page. 

[Screenshot: stats page of the main console]

It’s even translated into multiple languages, as not all hackers speak perfect English:

[Screenshot: translated stats page of the main console]

There’s also some handy-dandy code we discovered there for HTML code injection, which is used for phishing.

[Screenshot: HTML injection code]

Then, we found the stolen data.  Credit card numbers, passwords, the works, from countries all over the world.  Sick stuff.

The botnet lives off a bunch of really ugly malware, with the following file names (VirusTotal links included).

iexplore.exe
ieschedule.exe
ib14.dll
smss.exe
ieserver.exe
preredir.exe
harvest.exe
ieredir.exe

Current virus detection is pretty weak on this set of malware. 

Of course, the trojans look perfectly legitimate:

[Screenshot: virus sample]

 

Alex Eckelberry 

 

