MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


n0ise Bot. Crimeware particular purpose for DDoS attacks

DDoS attacks are not a trivial problem, and various web applications in this style, such as BlackEnergy have been used to run campaigns of massive attacks, in the case of BE during the conflict between Russia and Georgia.

The impact of such threats is extremely critical, and under this flag in the circuit enters the business that is channeled through crimeware, a web application called n0ise Bot German origin, although not yet have a good impact on criminal ecosystem, takes on the black market for some time.

n0ise Bot is designed exclusively to recruit zombies and executing attacks Distributed Denial of Service.

It has a minimalist design but offers the information needed to manage the zombies to be used as a means to carry out DDoS attacks.

The commands that can be used through the basic configuration of this crimeware are:
  • Syn-Flood - synflood*Host*Port*Threads*Sockets
  • HTTP-Flood - httpflood*Host*Threads
  • UDP-Flood - udpflood*Host*Port*Threads*Sockets*Packetsize
  • ICMP-Flood - icmpflood*Host*Port*Threads*Sockets*Packetsize
  • Multi Stealer - steal*Link to Uploadscript
  • Download and Execute - downandexe*LinkToFile
  • Visit Page - visit*Link
  • Bot Update - update*LinkToNewBot
  • Remove Bot - remove*Name
The business strategy employed for the sale of crimeware, adds to the tendency to whiten their existence through the advertising displayed across the website "official" crimeware called Coding-Revolutions, which also sell other applications for handling malicious code for "secure communications" under the slogan "Willkommen im Shop von neuen n0ise Malware!" (Something like "Welcome to the new store n0ise malware").

This business model has been used in other opportunities to promote Unique Sploits Pack, YES Exploit System and Mariposa Botnet.

As shown in the image, n0ise Bot cost is € 50 (only the binary without the constructor) and € 250 (binary lifetime including future upgrades) transactions are made through the service paysafecard, a payment system online that leaves no traces of those involved in the transactions.

However, since May 2010 the developer has released the second version (2.1) where the cost of the binary is still € 50 but the lifetime value of this low at € 200, perhaps as a consequence of their lack of impact between computer criminals.

Related information

0 comentarios:

Post a Comment