Sunday, May 10, 2009

Adrenalin botnet. Russian crimeware sets the trend

Adrenalin joins the various crimeware packages that we have briefly dealt with on this blog over time.

It is another Russian crimeware, only a few months old, and it doesn't purport to be better or worse than others of its family, nor, almost certainly, does it mind "working" alongside other crimeware :-)

Although that last sentence sounds like a sales pitch, it actually reflects something of the current state of malware distribution and crimeware use, as we saw in Scripting attack II.

We say that Adrenalin isn't very different from the others because it also supports spreading malicious code by hiding exploits in obfuscated scripts, injecting malicious code into the source code of web pages, Drive-by-Download, theft of information through a sniffer, web-based administration and remote control, etc.

However, it has some characteristics that differentiate it from the others, something its high cost compared to its competitors (approximately USD 3500) perhaps also reflects, such as:
  • Collection of digital certificates,
  • Different methods of injecting viral code,
  • Use of local pharming to perform the redirects it needs without the user noticing,
  • A keylogger with screen capture,
  • Evasion techniques to avoid detection by security tools such as firewalls and anti-rootkits,
  • Specific modules for cleaning up traces,
  • Encryption of the information it collects.

Among other things, it has another striking feature that isn't novel but is rather peculiar: it removes competing malware :-)

As can clearly be seen, the trend is for the Internet to be the leading attack platform, notably through crimeware applications, as we have been discussing regularly on this blog.

Still, there are a couple of questions that keep going around in my head, and they basically come down to: why are there more and more automated crimeware packages? Why the high cost?

Analyzing it a little, those of us who work in the security field may have the answers before our eyes every day. The answer to the first question may come from a perspective centered on money: information is, of course, the asset of greatest value (however small it is and regardless of its classification), and with that in mind, cyber-criminals looking to make money from this information have transformed the world of malware into a big business, highly profitable and difficult to break.

On the other hand, we cannot overlook the fact that crimeware is offered with 24x7 technical support, which means that more and more criminal-minded users become candidates in the search for the economic benefit of crimeware which, in the full sense of the word, works as a criminal organization via the Internet.

As for the second question, perhaps the answer is directly related to the fact that the cost of buying a kit of this kind can be recovered very quickly, especially bearing in mind that the botnets administered through these applications are often rented to other botmasters, spammers or other characters in this dark underworld which, as I mentioned in another post, reminds me of the stories of William Gibson in Neuromancer.

Related Information
Zeus Carding World Template. Change the playing side of the botnet - Spanish version
Financial institutions targeted by the botnet Zeus. Part two - Spanish version
Financial institutions targeted by the botnet Zeus. Part one - Spanish version
YES Exploit System. Another crimeware made in Russia - Spanish version
Russian prices of crimeware - Spanish version
Barracuda Bot. Actively exploited botnet
Unique Sploits Pack. Crimeware to automate the exploitation of vulnerabilities
Danmec Bot, Fast-Flux networks and recruitment of Zombie PCs
Creating Online polymorphic malware based PoisonIvy - Spanish version

# Jorge Mieres