Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1411393
  • 博文数量: 416
  • 博客积分: 13005
  • 博客等级: 上将
  • 技术积分: 3297
  • 用 户 组: 普通用户
  • 注册时间: 2006-04-05 16:26
文章分类

全部博文(416)

文章存档

2014年(1)

2013年(4)

2012年(46)

2011年(64)

2010年(12)

2009年(4)

2008年(40)

2007年(187)

2006年(58)

分类: 网络与安全

2012-01-11 11:29:23

http://xylibox.blogspot.com/2011/12/herpes-botnet.html
Herpes botnet


I've received an email recently (from ) requesting me to have a look on 'Herpes' a sort of affiliate, you just have to register on the site and you can start to infect immediately (C&C and EXE ready after the registration)

Herpes sample on VirusTotal (13/43 >> 30.2%):


Advert:

Login:

Statistics:

Clients:

Task:

User:

About:

Call home:

Each 5secs:



A task was sent ? looking for the good:

ID| - Create a key 'id' at HKCU\Software\HSetting
DL| - Download
VI| - Visite webpage invisible
VV| - Visite webpage visible
UP| - Update
UN| - Unistall
EL| - Email Log (No feature inside the bot)
ES| - Email Screenshot (No feature inside the bot)

But don't forget: this service come from HF (mean there is a faggotry obligatorily somewhere)



cookie stealer fuckyeah.
This is not the first time i see Herpes:

The following dir was found (i've not searched alot):
• dns: 1 ›› ip: 209.190.61.26 - adresse: ZEROXCODE.NET




Edit: About HackForum, a wild scamer appeared !

 The "proof":

Well, this is a edited picture from one of my blackhole screenshots (109.236.81.244)
Nice try anyway.
9 comments:
virusnews said...

The virustotal link seems wrong. Can you post the right one please or give the MD5?

27 December 2011 04:43 Steven K said...

try to look on VT for: 91A3544D7792FFD092BABC9F83DFE731

27 December 2011 09:24
said...

Nice post.

27 December 2011 09:28
said...

Hahaha!, very buggy botnet console!!!, thanks Xylitol!!, check your address bar in the browser of the france bot!.

27 December 2011 14:34
Anonymous said...

hackforums.net? ftw

27 December 2011 18:01
Anonymous said...

all > hackforums.net > Void error

28 December 2011 15:12
said...

Yep.

28 December 2011 17:51
Anonymous said...

One of my favorite blogs evaaaaaar!!!
Greetz from Israel!

29 December 2011 09:40
Anonymous said...

bro,
you kill the bots?
is not even crypted, i found this yesterday binded whit some program, first time when i hear about herpes, after a google search i landed here
nice analysis.

30 December 2011 09:51
Post a Comment

阅读(819) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~