The development of web applications-oriented botnets control and management through the http protocol, is at an advanced level by the underground community of Eastern Europe, particularly from Russia, where cyber criminals constantly flood the market crimeware clandestine marketing packages as Eleonore, ZeuS, ElFiesta, Adrenaline, and many others.
However, this business model that is already implanted, it expands into other territories where cyber-crooks ambition is mirrored by the trend difficult to stop, but with other philosophies: Crimeware Open Source. That is, development of open source software designed to be used for criminal purposes via the Internet.
In this case, it's a family of crimeware designed for control and administration of zombie networks.
This is a series of projects that seek, as the author (whose nickname is "cross"), make clear that the development of botnets in Perl is possible. Under the slogan "x1Machine Remote Administration System" available to the cyber crime organized two projects aimed at manipulation of botnets called Hybrid and TRiAD.
The "Hybrid" is the most ambitious. It's written in Perl, runs only on GNU/Linux platforms and allows, as is common in most of the style current crimeware, botnets manage http. While the author states that it was designed for malicious purposes, the legend that is at the interface of version 1 (the image shown below) said Botnet Control System, which is contradictory.
Configuration is done through a small panel which is accessed through the file HyGen.pl.
An interesting detail is that its interface is based on BlackEnergy, one of the first botnet-based administration via http designed to perform DDoS (Distributed Denial of Service).
This first version was born in early 2009 and now has three versions that incorporate some more features. It's written in C and through it can carry out three activities harmful: doing attacks Distributed Denial of Service (DDoS), Bindshell (execution of a shell and opening ports) and ReverseShell (notice a zombie connection).
This version, in addition to the features present in version 1, it has new features: elimination of the bot, shut down and restart the computer remotely. The following screenshot is for the download page.
Syn Flood con source IP spoofing: [SynStorm]-[Host]-[Port]-[Nr of Packets]-[Delay]
Bind Shell: [Bind Shell]-[Port]-[Allowed IP Address]
While the version for Windows platform offers:
UDP Flood: [Reverse Shell]-[Host]-[Port]
Small Proxy Server: [UdpStorm]-[Target IP]-[Target Port]-[Nr of Packets]-[Delay]
Reverse Shell: [Proxy Server]-[Port]-[Time(minutes)]
Regardless of the platform, both have in common the ability to:
Reboot remote machine
Shutdown remote machine
Delete bot from remote machine
Related information this Blog
TRiAD Botnet III. Administración remota de zombis multi...
TRiAD Botnet II. Administración remota de zombis multi...
TRiAD Botnet. Administración remota de zombis en Linux