MalwareIntelligence is a site dedicated to research on anti-malware security, computer criminology and information security in general, always from a perspective closely tied to the field of intelligence.

8.8.09

TRiAD Botnet III. Remote administration of multi-platform zombies

TRiAD is a web application designed to monitor and manage botnets made up of GNU/Linux and MS Windows machines over the HTTP protocol, and which we have discussed recently. It is part of an even more ambitious project by its author (who calls himself "cross"), called Hybrid Remote Administration System, which we will cover soon ;P

This time it is version 3 of the TRiAD botnet. The web application is still in its "infancy" but is under constant development, and since version 2 it has become multi-platform crimeware. Its full name is actually TRiAD HTTP Control System v0.3.

This latest version of the crimeware has slight differences (improvements, its creator would say) from its predecessor. At first glance the most noticeable one is the new interface, which we could say characterizes the application.

Like its predecessors, it is written in C++ and compiled with GCC.

While it does not have the statistics features found in more sophisticated crimeware applications, it has a number of options that make it dangerous. For now, its features are:

On GNU/Linux systems:

    SYN Flood with source IP spoofing: [SynStorm]-[Host]-[Port]-[Nr of Packets]-[Delay]
    Small HTTP Server: [HTTP Server]-[Port]-[Time(minutes)]
    Bind Shell: [Bind Shell]-[Port]-[Allowed IP Address]

The version for Windows platforms includes:

    UDP Flood: [UdpStorm]-[Target IP]-[Target Port]-[Nr of Packets]-[Delay]
    Small Proxy Server: [Proxy Server]-[Port]-[Time(minutes)]
    Reverse Shell: [Reverse Shell]-[Host]-[Port]

Regardless of the platform, both versions share the ability to:

    Sleep
    Reboot the remote machine
    Shut down the remote machine
    Delete the bot from the remote machine
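
The command templates above describe what each bot accepts; a responder who recovers commands from a controller page or a bot's HTTP traffic needs to parse and triage them. The following is an added example written for this post, not code from TRiAD or its author. It assumes (the post does not confirm this) that each command travels as the template's fields joined by "-", for example `SynStorm-192.0.2.10-80-5000-10`, and it assumes keyword names (`Sleep`, `Reboot`, `Shutdown`, `Delete`) for the four platform-independent commands. The sample command list is constructed, not captured traffic.

```python
"""Parse and triage TRiAD v0.3 commands (added example; wire format assumed)."""
from dataclasses import dataclass, field
from typing import Optional
import ipaddress
import re

# keyword -> (platform, category, ordered field names). Keywords for the four
# control commands are assumed; the six templated keywords come from the post.
TEMPLATES = {
    "SynStorm":      ("linux",   "ddos",     ("host", "port", "packets", "delay")),
    "HTTP Server":   ("linux",   "service",  ("port", "minutes")),
    "Bind Shell":    ("linux",   "backdoor", ("port", "allowed_ip")),
    "UdpStorm":      ("windows", "ddos",     ("target_ip", "target_port", "packets", "delay")),
    "Proxy Server":  ("windows", "service",  ("port", "minutes")),
    "Reverse Shell": ("windows", "backdoor", ("host", "port")),
    "Sleep":         ("both",    "control",  ()),
    "Reboot":        ("both",    "control",  ()),
    "Shutdown":      ("both",    "control",  ()),
    "Delete":        ("both",    "control",  ()),
}

_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$", re.I)


def _check(name: str, raw: str):
    """Convert one raw field to its typed value; raise ValueError if invalid."""
    if name in ("port", "target_port"):
        v = int(raw)
        if not 1 <= v <= 65535:
            raise ValueError(f"{name} out of range: {v}")
        return v
    if name in ("packets", "minutes", "delay"):
        v = int(raw)
        if v < (0 if name == "delay" else 1):
            raise ValueError(f"{name} below minimum: {v}")
        return v
    if name in ("target_ip", "allowed_ip"):
        return str(ipaddress.ip_address(raw))          # ValueError if not an IP
    if name == "host":                                 # IP or DNS name
        try:
            return str(ipaddress.ip_address(raw))
        except ValueError:
            if _HOSTNAME.match(raw):
                return raw.lower()
            raise ValueError(f"host is neither an IP nor a hostname: {raw!r}")
    raise ValueError(f"unknown field {name}")


@dataclass
class Command:
    raw: str
    keyword: Optional[str] = None
    platform: Optional[str] = None
    category: Optional[str] = None
    fields: dict = field(default_factory=dict)
    errors: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return self.keyword is not None and not self.errors

    @property
    def hostile(self) -> bool:
        """DDoS and shell commands are what a responder wants flagged first."""
        return self.category in ("ddos", "backdoor")


def parse_command(raw: str) -> Command:
    cmd = Command(raw=raw.strip())
    # Longest keyword first so a longer name is never shadowed by a shorter prefix.
    for kw in sorted(TEMPLATES, key=len, reverse=True):
        if cmd.raw == kw or cmd.raw.startswith(kw + "-"):
            cmd.keyword = kw
            break
    if cmd.keyword is None:
        cmd.errors.append("unknown command keyword")
        return cmd
    cmd.platform, cmd.category, names = TEMPLATES[cmd.keyword]
    rest = cmd.raw[len(cmd.keyword):].lstrip("-")
    parts = rest.split("-") if rest else []
    # '-' is the separator, so a hyphenated hostname cannot be expressed in this
    # format; any field-count mismatch is reported rather than guessed at.
    if len(parts) != len(names):
        cmd.errors.append(f"expected {len(names)} fields, got {len(parts)}")
        return cmd
    for name, part in zip(names, parts):
        try:
            cmd.fields[name] = _check(name, part)
        except ValueError as e:
            cmd.errors.append(str(e))
    return cmd


def triage(lines):
    """Split recovered commands into (hostile, benign, malformed) lists."""
    hostile, benign, malformed = [], [], []
    for line in lines:
        cmd = parse_command(line)
        (malformed if not cmd.ok else hostile if cmd.hostile else benign).append(cmd)
    return hostile, benign, malformed


# Constructed sample, not captured traffic.
SAMPLE = [
    "SynStorm-192.0.2.10-80-5000-10",
    "Bind Shell-4444-198.51.100.7",
    "Proxy Server-8080-30",
    "UdpStorm-192.0.2.10-70000-100-5",   # target port out of range
    "Reboot",
]

if __name__ == "__main__":
    for label, group in zip(("HOSTILE", "benign", "malformed"), triage(SAMPLE)):
        for c in group:
            print(f"{label:9} {c.keyword or c.raw!s:15} {c.platform or '':8} {c.fields or c.errors}")
```

The `allowed_ip` field of the bind shell and the `host` of the reverse shell are the values worth pivoting on: the first is the operator's source address, the second is the listener the zombie calls back to, and both can go straight into blocklists or network searches once parsed.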

Through a recent update, for now only the GNU/Linux version can generate the configuration file through a GUI, which makes the process much simpler.

The configuration file is generated and then compiled to create the bot, producing a new piece of crimeware in a few simple steps.

However, this has a downside related to optimization: because the configuration is compiled into each bot, upgrading the bots has to be done one by one, which is annoying for an advanced botmaster.

This crimeware trend has created a style that is hard to stop, marking a turning point in the control and administration of botnets and demanding a major effort from the security community in the fight against organized cybercrime, which is the current state of criminal activity committed over the Internet.

Related information on this blog
TRiAD Botnet II. Remote administration of zombies...
TRiAD Botnet. Remote administration of zombies on Linux
Eleonore Exploits Pack. New crimeware In-the-Wild
Special!! ZeuS Botnet for Dummies
ElFiesta. Zombie recruitment through multiple threats
Adrenalin botnet: command zone. Russian crimeware marks...
Chamaleon botnet. Administration and monitoring of downloads
YES Exploit System. Another crimeware made in Russia
Barracuda Bot. An actively exploited botnet
Unique Sploits Pack. Crimeware to automate...

Botnet activities
Fusion. A concept adopted by current crimeware
ZeuS Carding World Template. Playing at changing the face...
Unique Sploits Pack. Manipulating the attacker's security...
Scripting attack II. A combination of crimeware to obtain...
Zeus Botnet. Massive propagation of its trojan. Part two
Danmec Bot, Fast-Flux networks and recruitment of zombie PCs

Jorge Mieres
