MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, computer criminology and information security in general, always from a perspective closely related to the field of intelligence.


Brief review of Passenger Admin Panel

Five or six years ago, when botnets were operated en masse through IRC channels, talk of centralized control and management of botnets (C&C) via HTTP was seen as a trend.

After the first few kits appeared, demand grew high while supply was poor. Several years later, these kits continue to set trends in crimeware and demand remains high, with the difference that supply is now directly proportional to it.

In this scenario, every day we witness the appearance of some new web application that adds to the supply, designed exclusively to feed that demand and to facilitate the intelligent management of offenders' "assets" (zombies). Another concrete example of this trend is Passenger Admin Panel.

As can be seen in the images, Passenger is of Russian origin and is apparently a private version or one designed on demand, as there are no references to its development.

It has only three options. The first of these is the statistics panel, which centralises information on the number of zombies (in this case 16.845), the number of active zombies (582; this information is refreshed every 60 minutes), the number of zombies recruited per day (36) and the number of victims during the past 24 hours (7.349), among other data.

The statistics go on to show the versions of the bots, the number of zombies recruited by each affiliate ID (in this case there are two affiliates, with 16.842 and 3 zombies respectively), the status of the most interesting module, called Putty Grabber, along with its records, and the number of operating systems involved.

The operating systems found among the victims of this botnet are:

  • Microsoft Windows 2000 Service Pack 3
  • Microsoft Windows Server 2003    
  • Microsoft Windows Server 2003 Service Pack 1 and 2
  • Microsoft Windows Server 2003 R2 Service Pack 1 and 2
  • Microsoft Windows XP
  • Microsoft Windows XP Service Pack 1, 2 and 3
  • Windows XP by Rushen 10.5 Minimal Service Pack 3
  • Windows Vista (TM) Business    
  • Windows Vista (TM) Business Service Pack 1 and 2
  • Windows Vista (TM) Home Basic
  • Windows Vista (TM) Home Basic Service Pack 1 and 2
  • Windows Vista (TM) Home Premium    
  • Windows Vista (TM) Home Premium Service Pack 1 and 2
  • Windows Vista (TM) Ultimate Service Pack 1 and 2
  • Windows Server (R) 2008 Standard Service Pack 2

Passenger can schedule a task that updates the bot through a previously assigned URL pointing to a file called u.php. However, as mentioned above, the feature of most interest to the offender is provided by the Putty Grabber module, which displays specific information and stores sensitive data for each compromised computer.

Undoubtedly, crimeware is a critical problem that operates globally and on a large scale, and the constant emergence of alternatives such as the one described here is further evidence of it.

1 comment:

Anonymous said...

i was here
hi to fucked rat