TRIAD Botnet II. Zombie-platform remote administration

A few days ago we mentioned the creation of a web application created for GNU/Linux platforms that allows to control and manage botnets through http protocol called TRiAD Botnet.

Despite its short life, the first version was launched on 18 February 2009, existing developments of this crimeware (just two more) designed to operate in both operating systems Linux and Windows. That is, the applicative evolved and became a multi crimeware.

The catch is presented below represents the second version. As shown, it retains the idea of a minimalist application, without too many demands and a bottom "showy".

While still maintaining the possibility of attacks distributed denial of service (DDoS), Bindshell, and ReverseShell, it has new features such as: delete bot from remote machine (Remove the bot on the remote machine), shutdown remote machine (turn off the computer remotely) and remote machine reboot (restart your computer remotely).

The first option, perhaps this conceived with the aim of providing a mechanism for self-defense eliminated zombie control any incident. As for the other two options would seem rather to have been created with the intention of "fun" against the victim machine.

Although not a complex threat, as if they are other crimeware as ZeuS, ElFiesta, Unique Sploits Pack or YES Sploits System, and its simple functionality is more like a backdoor in PHP, it's still a web application that can become very dangerous due to a problem: is free, open source, which means it can evolve according to the malicious intentions of the person or persons decide to "make up" their source code.


Related information this Blog
TRiAD Botnet. Administración remota de zombis en Linux

Jorge Mieres