MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.

15.8.09

Fragus. New botnet framework In-the-Wild

A new web application, written in PHP and developed as a delivery system for exploits and malware and as a control panel for spreading botnets, has entered the illegal crimeware market, promising to be one of the most heavily used.

This is Fragus v1.0, which since July 2009 has joined the long list of applications of this kind competing to corner the black market. It was developed in Russia and is offered at a sufficiently "competitive" price.


In recent months new frameworks for controlling and administering botnets have appeared that turn this into a simple task, such as Liberty Exploit System and Eleonore Exploit Pack, alongside some much older ones that have upgraded their capabilities, such as YES Exploit System and ElFiesta.

However, finding more and more malicious applications of this kind In-the-Wild is not a chance occurrence; it responds to the business model that lies behind crimeware development and feeds on the marketing of a wide range of options.

From a general standpoint, Fragus has an attractive interface, support for English and Russian, and a simple statistics system that obtains and compares information on browsers, operating systems (including their versions) and the countries in which zombies have been recruited into the network (which amounts to a strategy that allows intelligence information to be correlated in a timely manner). The following screenshot shows the statistics panel.


It also has other features, such as:

Ability to check the data quickly through a summary that is accessed without loading the full page.
Management of file uploads from the same admin panel.
Ability to specify the name under which a binary file will be uploaded to the system.
Ability to distinguish the traffic handled by each "client" so that each one's metrics are kept independently.
Choice of the file to upload from the admin panel, or a random load.
Ability for "clients" to maintain their own exploit kit by selecting from a list.
Monitoring of the statistical information from a domain separate from the administration panel, giving access to the information without going through the authentication process.
Clearing of the statistical information either globally or for each individual "customer".
All the configuration options Fragus offers for administering and controlling botnets can be performed easily from the framework.
An internal search system that lets you quickly search for and find iframe links in open traffic, either globally or for each individual "customer".


In addition, Fragus also makes it possible to exploit vulnerabilities through high-quality images, to edit the number of domains needed to migrate information without losing traffic, and to edit a URL so that the exploit pack is visited twice or more, i.e. several files (binaries, PDF, SWF, depending on the exploit) are downloaded from the same page.

Examples of malware spread by Fragus are:

Manual.pdf
Patch.exe

Another aspect that stands out, and one that sets this crimeware apart from the classic ones of its kind, is that it includes an instruction designed to keep the domain in use (by default, when Fragus is released, fragus.cn) from being detected by search bots. Its installation process is also not cumbersome and does not require editing a configuration file by hand, since it has a setup assistant that gets it installed in minutes.

Among the exploits that come preinstalled are:

MDAC
PDF printf()
PDF collectEmailInfo()
PDF getIcon()
MS DirectShow
MS09-002 - for IE7
MS Spreadsheet
AOL IWinAmp
MS Snapshot
MS COM

As we can see, this new crimeware entering the crime scene promises to be very competitive. In addition, the default malware it ships ready for distribution has an alarmingly low detection rate, which turns the web application into a serious threat.

Related information on this blog
Liberty Exploit System. Another crimeware alternative for botnet control
Russian crimeware prices. Part 2
Eleonore Exploits Pack. New crimeware In-the-Wild

      Jorge Mieres
