I recently received an email (from ) asking me to have a look at 'Herpes', a sort of affiliate: you just have to register on the site and you can start to infect immediately (C&C and EXE are ready after the registration).
Herpes sample on VirusTotal (13/43 >> 30.2%):
Advert:
Login:
Statistics:
Clients:
Task:
User:
About:
Call home:
Every 5 seconds:
Was a task sent? Looking for the right one:
ID| - Create a key 'id' at HKCU\Software\HSetting
DL| - Download
VI| - Visit webpage (invisible)
VV| - Visit webpage (visible)
UP| - Update
UN| - Uninstall
EL| - Email Log (No feature inside the bot)
ES| - Email Screenshot (No feature inside the bot)
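For triage on the defender side, the 5-second call-home and the task prefixes above can be turned into a proxy-log check. This is an added example, not code from the bot or from the original post; the log format, the `example.test` hosts and the idea that the argument follows the `|` are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Task prefixes as listed in the post.
TASKS = {"ID": "Create key 'id' at HKCU\\Software\\HSetting", "DL": "Download",
         "VI": "Visit webpage (invisible)", "VV": "Visit webpage (visible)",
         "UP": "Update", "UN": "Uninstall", "EL": "Email log",
         "ES": "Email screenshot"}

# Constructed proxy log, assumed format: "<epoch seconds> <client> <url>".
SAMPLE_LOG = """\
1000.0 10.0.0.5 http://panel.example.test/poll
1000.0 10.0.0.9 http://news.example.test/
1003.0 10.0.0.9 http://news.example.test/
1005.1 10.0.0.5 http://panel.example.test/poll
1010.0 10.0.0.5 http://panel.example.test/poll
1014.9 10.0.0.5 http://panel.example.test/poll
1020.2 10.0.0.5 http://panel.example.test/poll
1025.0 10.0.0.5 http://panel.example.test/poll
1040.0 10.0.0.9 http://news.example.test/
1041.0 10.0.0.9 http://news.example.test/
1100.0 10.0.0.9 http://news.example.test/
"""

def find_beacons(log_text, period=5.0, tolerance=1.0, min_hits=5):
    """Return {(client, url): mean gap} for series repeating about every `period` s."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            seen[(parts[1], parts[2])].append(float(parts[0]))
        except ValueError:
            continue  # skip non-numeric timestamps
    hits = {}
    for key, stamps in seen.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < min_hits:
            continue  # too few requests to call it periodic
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            hits[key] = round(mean(gaps), 2)  # steady polling, low jitter
    return hits

def decode_task(reply):
    """Split an 'XX|argument' reply into (prefix, meaning, argument), else None."""
    prefix, sep, arg = reply.strip().partition("|")
    return (prefix, TASKS[prefix], arg) if sep and prefix in TASKS else None
```

On the constructed log only the host polling every ~5 seconds is flagged; the ordinary browsing client has the same number of requests but irregular gaps.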
But don't forget: this service comes from HF (meaning there is necessarily a dirty trick somewhere)
cookie stealer fuckyeah.
This is not the first time I've seen Herpes:
The following dir was found (I haven't searched a lot):
• dns: 1 ›› ip: 209.190.61.26 - adresse: ZEROXCODE.NET
Edit: About HackForum, a wild scammer appeared!
The "proof":
Well, this is an edited picture from one of my blackhole screenshots (109.236.81.244)
Nice try anyway.
The virustotal link seems wrong. Can you post the right one please or give the MD5?
27 December 2011 04:43
Try to look on VT for: 91A3544D7792FFD092BABC9F83DFE731
27 December 2011 09:24
Nice post.
27 December 2011 09:28
Hahaha!, very buggy botnet console!!!, thanks Xylitol!!, check your address bar in the browser of the france bot!.
27 December 2011 14:34
hackforums.net? ftw
27 December 2011 18:01
all > hackforums.net > Void error
28 December 2011 15:12
Yep.
28 December 2011 17:51
One of my favorite blogs evaaaaaar!!!
29 December 2011 09:40
Greetz from Israel!
bro,
30 December 2011 09:51
you kill the bots?
is not even crypted, I found this yesterday binded with some program, first time when I hear about herpes, after a google search I landed here
nice analysis.