Published by SSTA

-PoisonIvy RAT: P1/P2

In this example the server file (orishas.exe) is not detected by the scanner engine as malicious:

-MiniTunnel (pure backdoor which does not install itself on the system but just acts as a server): F1/F2

False positives of 2 scanner engines (F-Prot and Authentium):

-Backdoor IRCBOT.xk (Kaspersky): P1/P2

-Trojan Dropper Neblso: P1/P2

For our example, we chose to attach a basic rootkit that we built to an image (a double click on the image executes the rootkit).

The image:

-Fram DDOS Trojan: P1/P2

-BlueEye trojan: P1/P2

-Trojan Downloader Win32.Delf.alw: P1/P2

-Leviathan trojan: P1/P2

-MSN Password stealer: P1/P2

-Troja trojan: P1/P2 (Trojan generic alert)

-ComRat/Backdoor small.hj: P1/P2

-Lamebot: P1/P2

-Backdoor.VB.bax: P1/P2

An excellent and exhaustive RAT with many control and spy functions:

With the VMware detection option:

-Amitis trojan: P1/P2

-Backdoor Small.lp: P1/P2

-"Chinese Trojan" (the Chinese language is not installed on our test PC): P1/P2

-Password Stealer Trojan (PSW.Delf.jl): P1/P2 (Trojan generic alert)

-Skatan Bot: P1/P2

-BatBot: P1/P2

-G Spot Bot: P1/P2

Bots are statistically much more important than viruses and worms: since malware coders are driven by money, botnets are the first step toward DDoS and cyber-extortion (there is also a kind of "Wall Street" of botnets).
But it seems that this Eastern European speciality is used less and less by computer criminal gangs...
For more information, the papers of the first HotBots conference are available here.
An example of a botnet manager:

Published in KASPERSKY 6 TEST
