Friday, December 4, 2009

A brief glance inside Fragus

Fragus is a web application developed for the management of zombies, of Russian origin, who long to live has been inserted crimeware clandestine market with an affordable price (USD 800) if we consider criminal capabilities it offers.

The crimeware is basically composed of five sections: Statistics, Files, Sellers, Traffic links and Preferences. Each handles a specific task and they all complement one another.

In the Files panel is handling the executable file that will spread.

Sellers are in management exploits. In this case, corresponding to the first version of Fragus.

Regarding the Traffic links module, allows the "previous" and setting the iframe script that will be injected into the page that shall act as "driver" for the implementation of the configurator exploits the previous panel, that look for vulnerabilities on the victim machine .

However, one of the patterns identified in each of the packages of this style is the Statistical module. This module provides the intelligence necessary for the botmaster get a detailed report of the teams not only zombies but also on certain aspects needed to know in detail what should exploit to run.

Another interesting patterns we can deduce on the basis of this information is that the operating system is exploited Windows XP with Internet Explorer, the exploit more effectively, despite being very old (MS06-014) is the one that takes the vulnerability in MDAC and that among the countries with the highest rates of infection are the USA and Korea.

This represents a common scenario where perhaps the relevance factor is the inference that perhaps common situation due to the large volume of user who uses the Microsoft operating system on a non-licensed, which leads to not update .

Finally, another important factor that must not be overlooked is that cyber-criminals are not interested in the controversy surrounding the safety levels offered by one or another operating system (Windows, GNU/Linux and Mac OS) but all fall into the same category of "potential victims" because the vulnerability exploited in layer 7.

Related information
Fragus. Nueva botnet framework In-the-Wild
JustExploit. Nuevo Exploit Kit que explota Java
DDoS Botnet. Nuevo crimeware de propósito particular
T-IFRAMER. Kit para la inyección de malware In-the-Wild
ZoPAck. Nueva alternativa para la explotación de vulnerabilidades

ZeuS Botnet y su poder de reclutamiento zombi
Eleonore Exploits Pack. Nuevo crimeware In-the-Wild
Liberty Exploit System. Otra alternativa (...) para el control de botnets

Jorge Mieres
Pistus Malware Intelligence

No comments: