A peek inside the uBot malware bot
By Dancho Danchev
Participants in the dynamic cybercrime underground ecosystem are constantly working on new cybercrime-friendly releases in the form of malware bots, Remote Access Tools (RATs) and malware loaders.
Continuing the “A peek inside…” series, in this post I will profile yet another DIY (do-it-yourself) malware bot, available to cybercriminals at selected cybercrime-friendly online communities.
Description of the malware bot:
“µBOT, originally named “WEBNET”, is a stable HTTP bot created for the use of herding and is perfect for collecting hundreds, and thousands of bots at an affordable price. The simple to use interface and reliable bot allows you to control your botnet with confidence, knowing your bots are safe and stable is what botnet masters need most, and this is what we provide to you with µBOT. The “µ” within our name represents simplicity and small size, which is directly in relation with our bot itself, with a tiny size of 9kb compressed with the control from the easy-to-use control panel.”
uBot’s malware bot features include:
- INSTANT Infection, no waiting.
- Download & Execute.
- Update.
- Visit Webpage [Visible].
- Visit Webpage [Invisible].
- Uninstall.
- Add to Startup.
- Critical Process.
- Hidden File.
- Admin detection.
- Mutex.
- Coded in VB6, no .NET Framework dependency!
- Small, ~10kb compressed, 36kb uncompressed.
- Great stability.
Panel:
- Detailed statistics.
- Location plot, map graph.
- Pie Charts [Bot Status, Operating System, Admin].
- Tool-tip for last commands sent for each client.
- Bot selection preferences.
- Integrated Ajax, means everything is realtime! From client list to bot count.
Screenshots of the uBot malware bot:
The AJAX-based bot is coded in VB6, meaning there are no .NET Framework dependencies. Besides its small size (~10kb compressed, 36kb uncompressed), the malware bot offers an easy-to-use web-based command and control interface, positioning it as the perfect tool in the arsenal of the malicious attacker.
Webroot’s Security Team is currently in the process of analyzing the malware bot to ensure that Webroot SecureAnywhere customers are protected from its variants.
Related posts:
A peek inside the PickPocket Botnet
A peek inside the Cythosia v2 DDoS Bot
A peek inside the Umbra malware loader
This entry was written by ddanchev and posted on January 26, 2012 at 12:18 pm and filed under Backdoors, Downloaders, Keyloggers, malware, Passwords, Threat Research, Trojans with tags cybercrime, Malicious Software, security, Ubot Malware Bot.