Sunday, February 8, 2009

Creating polymorphic malware online based on PoisonIvy

Obviously, the creators and propagators of malicious code have found in this activity a profitable way of life, one that keeps them focused daily on creating new alternatives that let them earn "extra money" through malicious programs, where time, cost and benefit appear to be the attributes they seek in their applications.

Added to this, the Internet today is also a hostile environment, to be used with the minimum necessary security precautions in mind; it serves as a platform for committing various types of attacks and, as in this case, for offering a variety of "services", including the creation of malicious code.

The case in point is the online version of PoisonIvy, called Polymorphic PoisonIvy Builder Online. PoisonIvy is a trojan well known in the malware world that follows the classic model of malicious code creation: a trojan (server) is built and spread to infect computers, and the infected computers are then controlled through the client program.

However, this online version has an extra component that makes the resulting malware much more dangerous than one created the conventional way: it adds polymorphic features. This means that each binary produced by this automated builder is different, because its code changes completely.

This feature seeks to evade detection by antivirus signatures and prolong the malware's life cycle, which implies that the less it is detected by AV, the more money it generates for its creator.

This package is written in PHP/ASM and, although the malware is created online, it isn't free: it is marketed at a price of US$ 500. In the screenshot we can see its features:

This situation is merely another of the many examples that make it clear that malware is a business, an industry whose ranks more and more developers are joining.

# Jorge Mieres

