Friday, August 28, 2009

Development of Open Source crimeware to control and manage botnets

The development of web applications for controlling and managing botnets over the HTTP protocol is at an advanced level in the underground community of Eastern Europe, particularly Russia, where cyber criminals constantly flood the clandestine crimeware market with packages such as Eleonore, ZeuS, ElFiesta, Adrenaline, and many others.

However, this already established business model is expanding into other territories, where the ambition of cyber-crooks is reflected in a trend that is difficult to stop, but with a different philosophy: Open Source crimeware. That is, the development of open source software designed to be used for criminal purposes via the Internet.

In this case, it's a family of crimeware designed for the control and administration of zombie networks.

This is a series of projects that seek, as the author (whose nickname is "cross") makes clear, to show that developing botnets in Perl is possible. Under the slogan "x1Machine Remote Administration System", the author makes available to organized cyber crime two projects aimed at manipulating botnets, called Hybrid and TRiAD.

Hybrid Project
The "Hybrid" project is the most ambitious. It's written in Perl, runs only on GNU/Linux platforms and, as is common in most current crimeware of this style, allows botnets to be managed over HTTP. While the author states that it was designed for malicious purposes, the legend on the interface of version 1 (the image shown below) says "Botnet Control System", which is contradictory.

Configuration is done through a small panel that is accessed through the file HyGen.pl.

Version 2 (screenshot) maintains the same features as its predecessor. For the moment, it is in a "Proof of Concept" (PoC) state. However, it can be modified by any cyber-crook to make it fully functional and to add more components for abusing the zombies.

An interesting detail is that its interface is based on BlackEnergy, one of the first botnets administered via HTTP, designed to perform DDoS (Distributed Denial of Service) attacks.

TRiAD Project
This crimeware has already been discussed. It is a side project whose first version (screenshot) is designed, like the Hybrid project, to operate in a GNU/Linux environment.

This first version was born in early 2009, and there are now three versions that incorporate some more features. It's written in C and can carry out three harmful activities: Distributed Denial of Service (DDoS) attacks, BindShell (execution of a shell and opening of ports) and ReverseShell (notification of a zombie connection).

TRiAD HTTP Control System v2 is the second version of the project, which evolved into a multiplatform crimeware that can be deployed on Windows and GNU/Linux.

In addition to the features present in version 1, this version has new ones: removal of the bot, and remote shutdown and restart of the computer. The following screenshot shows the download page.

Like the second version, TRiAD HTTP Control System v3 is written in C, compiled with GCC and runs under Windows and GNU/Linux. Its features are:

In GNU/Linux:
  • Syn Flood with source IP spoofing: [SynStorm]-[Host]-[Port]-[Nr of Packets]-[Delay]
  • Small HTTP Server: [HTTP Server]-[Port]-[Time(minutes)]
  • Bind Shell: [Bind Shell]-[Port]-[Allowed IP Address]
While the version for Windows platform offers:
  • UDP Flood: [Reverse Shell]-[Host]-[Port]
  • Small Proxy Server: [UdpStorm]-[Target IP]-[Target Port]-[Nr of Packets]-[Delay]
  • Reverse Shell: [Proxy Server]-[Port]-[Time(minutes)]
Regardless of the platform, both have in common the ability to:
  • Sleep
  • Reboot remote machine
  • Shutdown remote machine
  • Delete bot from remote machine
Clearly, a number of aspects aggravate this situation and make this type of "initiative" an ideal source both for script kiddies aspiring to become cyber-criminals, because it is free, and for professional developers, who can tailor the code and add functionality adapted to the needs of each buyer (usually botmasters) depending on the platform they want to exploit.

Related information
TRiAD Botnet III. Remote administration of zombies, multi...
TRiAD Botnet II. Remote administration of zombies, multi...
TRiAD Botnet. Remote administration of zombies on Linux

# Jorge Mieres

Sunday, August 16, 2009

Twitter Stuff



Our tweets are on Rootkit Analytics... Check it out.

Saturday, August 15, 2009

Fragus. New botnet framework In-the-Wild

A new web application, written in PHP and developed to manage exploits and malware and to control the spread of botnets, has entered the illegal crimeware market and promises to be one of the most exploited.

This is Fragus v1.0, which since July 2009 has joined the long list of applications of this kind that seek to capture the black market. This development originated in Russia and enters the market at a sufficiently "competitive" cost.

In recent months new frameworks for the control and administration of botnets have appeared that make this a very simple task, such as Liberty Exploit System and Eleonore Exploits Pack, alongside some much older ones that have upgraded their capabilities, such as YES Exploit System and ElFiesta.

However, finding more and more malicious applications of this style in the wild isn't a coincidence, but a response to the business model behind crimeware development, which feeds itself by marketing a wide range of options.

From a general point of view, Fragus has an attractive interface, support for English and Russian, and a simple system for obtaining statistics and comparing information about the browsers, operating systems (including versions) and countries of the zombies recruited into the network (in other words, intelligence that allows information to be correlated in a timely manner). The following screenshot shows the statistics panel.

It also has other features like:
  • Ability to quickly check the data through a summary that is accessed without loading the page.
  • Manage the upload of files from the admin panel.
  • Allows you to specify a binary file that is uploaded to the system.
  • Ability to separate traffic by "client", with separate statistics for each.
  • Choose the file to upload from the admin panel, or have one loaded at random.
  • Allows the client to maintain their own kit by selecting from a list of exploits.
  • The statistical information can be viewed from a domain independent of the administration panel, which allows access to the information without going through the authentication process.
  • Lets you clear the statistical information, either overall or for a particular "customer."
  • All the configuration options Fragus offers for the administration and control of botnets can be performed easily from the framework.
  • Has an internal search system for quickly finding the iframe links open in traffic, again either overall or for a particular "customer."
In addition, Fragus also allows exploiting vulnerabilities in high quality images, editing the number of domains needed to migrate information without losing traffic, and editing a URL in the exploit pack that is visited twice or more, i.e. several binaries, PDF or SWF files are downloaded from the same page depending on the exploit.

Examples of malware spread by Fragus are:
Its modular exploit system lets you add exploits easily and has an (optional) crypt written from scratch which, according to the author, avoids detection by a large number of antivirus companies without overburdening the browser. Nevertheless, it also allows a different crypter to be selected, letting the "client" decide which one to use rather than being limited to the default. The author also says that Fragus is optimized to work seamlessly with large flows of traffic and minimal load on the server.

Another aspect that stands out and differentiates it from classic crimeware is that it has an instruction to prevent search bots from detecting the domain used (the domain associated with Fragus by default when the crimeware was launched is fragus.cn). The installation process is not cumbersome and requires no manual editing of any configuration file, since it has a wizard that helps get it installed in minutes.

Among the exploits that have preinstalled are:
  • MDAC
  • PDF printf()
  • PDF collectEmailInfo()
  • PDF getIcon()
  • MS DirectShow
  • MS09-002 - for IE7
  • MS Spreadsheet
  • AOL IWinAmp
  • MS Snapshot MS COM
The cost of this first version of Fragus is USD 800. This price includes the source code, which is protected with IonCube. The crypt (written from scratch) costs USD 150, and there is a further USD 30 for hiding the operation of the crimeware to evade detection, perhaps with fast-flux techniques.

In short, the complete Fragus "service" costs USD 980 and, as usual in this illegal market, purchases are "handled" through ICQ and the money is transferred via WebMoney.

As we can see, this new crimeware entering the crime scene promises to be very competitive. Furthermore, the malware it is set up to spread by default has a disturbingly low detection rate, which turns the web application into a serious threat.

Related Information
Liberty Exploit System. Another crimeware alternative for controlling botnets
Prices of Russian crimeware. Part 2
Eleonore Exploits Pack. New crimeware In-the-Wild

# Jorge Mieres

SpyOS Toolkit

SpyOS is a tool developed for RootkitAnalytics [will be moved to SpywareAnalytics after the release] for analyzing Windows systems. The following is a sample snapshot of what the tool looks like:



Thanks to every volunteer who has kept our team rolling.

- EF

Thursday, August 13, 2009

Prices of Russian crimeware. Part 2

The criminal activities that cyber criminals feed on daily, through a business model of their own making, are channeled through an underground market that offers increasingly professional "services" to suit the needs of organized cyber crime.

Consequently, every day new crimeware applications appear to boost the economics of cyber-criminals, whatever their role in the criminal chain. Some of this crimeware is listed below, highlighting what it costs on the illegal market.

CRUM Cryptor Polymorphic v2.6
This is a crypter-type application. Its main feature is the ability to generate polymorphic malware: it encrypts every file created with a random 256-byte key. It also offers anti-analysis measures such as the detection of virtual machines. Its cost is USD 200 and includes free updates.

CRUM Joiner Polymorphic v3.1
In this case, the main function is the ability to merge files without any limit on their number. Like the previous one, the binary offers 256-byte encryption, polymorphism and virtual machine detection. The price is USD 100 and upgrades are free.

More information about this family of crimeware

Eleonore Exploits Pack v1.2
Eleonore is a package for exploiting vulnerabilities and controlling networks of zombies. The cost of the latest version is USD 700. For an additional USD 50 it provides access to its crypter.

By default, the crimeware is bound to a number of domains, but it can also be obtained unbound (free of domain), in which case its price is USD 1500, including the crypter. It's designed to exploit the following vulnerabilities: MDAC, MS009-02, Telnet - Opera, Font tags - FireFox, PDF collab.getIcon, PDF Util.Printf, PDF collab.collectEmailInfo, DirectX DirectShow and Spreadsheet.

Eleonore Exploits Pack v1.1
The previous version costs USD 500 and, unlike version 1.2, doesn't have the Spreadsheet exploit module.

More information about Eleonore Exploits Pack

Unique Sploits Pack v2.1
One of the web applications designed for managing botnets via HTTP. Its current price is USD 750 and includes free updates and the crypter. For those who have older versions, the upgrade to this version costs an additional USD 200.

The vulnerabilities it can exploit are: MDAC for IE 6, PDF exploit for IE 7, Opera and Firefox, PDF exploit for Adobe Acrobat 9, PDF Double (simultaneous download of two PDF exploits), MS Office Snapshot for IE 6 and 7, IE 7 XML SPL, Firefox Embed, IE 7 Uninitialized Memory Corruption Exploit, SPL Amaya 11, Foxit Reader 3.0 PDF Buffer Overflow Exploit.

More information about Unique Sploits Pack

Adrenaline
Another of the many crimeware packages designed to exploit vulnerabilities and to control botnets via HTTP. Among its features, the following stand out: local pharming, keylogging, theft of digital certificates, encryption of information, anti-detection techniques, cleaning of fingerprints, and injection of viral code, among others. Its price is USD 3000.

More on Adrenaline Pack

YES Exploit System v2.0.1
One of the most used exploit kits. It has an interface that resembles that of an operating system, with a "Start" menu from which you access its various features. The cost of the latest version to date (August 2009) is USD 800.

YES Exploit System v1.2.0
One of the first-generation packages, still very active; the price varies depending on the version. In the case of version 1.2.0, the cost is around USD 700.

More information about YES Exploit System

Barracuda Botnet v3.0
The latest version of this web application which, despite having existed for several years, still has a relatively high cost compared to its peers. This crimeware is marketed in two versions: the Full version at USD 1600 and the Lite version at USD 1000.

In addition, this package is modular, meaning that modules can be added to meet the needs of the botmaster who buys or rents it. The modules that can be acquired are:
  • DDoS module (HTTP GET / POST flood, UDP flood, ICMP flood, TCP flood, IP Spoofing) at a cost of USD 900.
  • Email Grabber module, which collects email addresses stored on the zombie. Its price is USD 600.
  • Proxy module, which increases the number of simultaneous connections for more "efficient" sending of spam. Its price is USD 500.
  • PWDGRAB module. Clearly oriented to the theft of private information. The price is USD 500.
  • SSLSOCKS module. This module is in its beta stage and can build a VPN through the botnet. The price is USD 500.
As for previous versions, version 2.2 is sold for USD 600 and version 2.0 for USD 300.

More information on this crimeware

ZeuEsta Exploit Pack v7.0
This is a private "adaptation" that combines two very active crimeware packages: ZeuS v1.2.4.6 and SPack Kit. The cost is USD 600, plus USD 100 per month for access to hosting. Originally composed of the merger of ZeuS and ElFiesta, during April this year (2009) it was updated, replacing ElFiesta with SPack Kit.

While this fusion of crimeware isn't an original creation developed entirely by Russians, the different versions in it are of ZeuS, so it was considered worth reflecting its cost here.

ZeuEsta Exploit Pack v5.0
This version can be obtained on the illegal market for USD 150 in its "unofficial" form, i.e. sold by third parties and not by the author himself. It is composed of ZeuS v1.1.2.2 and ElFiesta.

ElFiesta v3
One of the crimeware packages most exploited by botmasters. In this case it's version 3, at a cost of USD 800. The application has modules that exploit over twenty vulnerabilities, of which the most effective are the PDF and SWF exploits.

More information about ElFiesta

Liberty Exploit System v1.0.5
A new crimeware package that has recently emerged with a number of characteristics that make it, according to its author, an ideal application for its price/quality ratio.

It comes with the following exploits preinstalled by default: MS06-014 Internet Explorer (MDAC) Remote Code Execution Exploit, PDF util.printf(), PDF collab.collectEmailInfo(), PDF collab.getIcon(), Flash 9 and MS DirectShow. Its cost is USD 500.

Neon Exploit System v2.0.5
Neon's price was cut slightly, by USD 100. It now costs USD 400 rather than USD 500. The exploit modules that come preinstalled and preconfigured include: IE7 MC, PDF collab, PDF util.printf, PDF foxit reader, MDAC, Snapshot and Flash 9.

Limbo Trojan Kit
Limbo is one of the least popular crimeware packages on the Russian illegal market. However, this does not mean that the risk it poses is lower. It costs less than other, much more popular crimeware: USD 300.

Among its features are binary updates, cleaning of tracks (cache, cookies, etc.), rebooting the operating system (Windows) and destruction if necessary. It also has keylogging capabilities to capture all passwords entered through Internet Explorer and those stored in the browser, among others.

Fragus v1.0
A very new web application that enters the crimeware industry at a cost of USD 800. Its features include multilingual support (English and Russian), a statistics system covering browsers, operating systems (including versions) and countries, the ability to customize exploit modules and add new ones, injection of iframe tags, and file encryption; a crypter is part of the package, but you can add your own.


As we can see, malicious processes are being automated, with services and offerings geared to the purchase, sale and rental of effective "weapon" software designed purely for criminal purposes and profit.

In this sense, the prices of Russian crimeware move according to what the market dictates, even creating alternative business models, such as those focused on providing technical support through professional services, maintenance and custom crimeware updates, which feed back into the black market.

Related Information
Prices of Russian crimeware
Russian trade in private versions of crimeware...
Automation of anti-analysis processes II
Eleonore Exploits Pack. New crimeware In-the-Wild
A close look at the structure of Unique Sploits Pack
Adrenaline botnet: command zone. Russian crimeware...
YES Exploit System. Another crimeware made in Russia
Barracuda Bot. Actively exploited botnet
ElFiesta. Zombie recruitment through multiple threats

# Jorge Mieres

Wednesday, August 12, 2009

Patching the Patches: The dorky tale

MS has a history of having patches more than the software they make. History repeats itself and gives a hard time for MS to do or maintain a good OS.

Let us look at reality in layman's analogy:

Image 1: the following is a bug found in one of the modules that was created to provide a feature:



Image 2: this image shows a bug that has not been recognized by MS as a bug, but rather as a feature:



Image 3: the following shows the patch applied by MS and how a weed still comes from it:



Image 4: this image shows trees of exploits growing from unpatched areas/OS:



Image 5: the last and final (following) image shows how MS should have originally done it, instead of what they did in image 3:




After all, they are also run by humans and hence to err is normal. Anything within manageable risk is good enough to proceed further with business. But that doesn't mean that you should buy new expensive flavors of Windows.

This is our side of the dorky tale behind patching and repatching the patched patches.

Btw, some people think that this site is run by "the underground". This is me in the evening walk and this ain't underground:



- EF

Sunday, August 9, 2009

Testimonials for RootkitAnalytics.com

Hey guys,

We would like to create a testimonial section for RootkitAnalytics.com. Kindly send your reviews to contact.fingers@gmail.com and we will list them as soon as possible.

We appreciate your support and we thank you for your time.

- EF

What do you think of our logo

We understand that this is of the least importance on any technology website, but since we would like to evaluate our work every once in a while, we would like to have your opinion on the logos of our futuristic websites.

Here are the following:









Your opinion is very valuable to us. Kindly, scroll to the right-pane of the page where you would find a poll. Kindly, enter your honest opinion in the options listed and let us know what you feel.

- EF

Saturday, August 8, 2009

TRiAD Botnet III. Remote administration of multi-platform zombies

TRiAD is a web application designed to monitor and manage botnets on GNU/Linux and MS Windows via the HTTP protocol, which we have discussed recently. It's part of an even more ambitious project by its author (who calls himself "cross"), called Hybrid Remote Administration System, which we will talk about soon ;P

This time, it's version 3 of the TRiAD botnet. This web application is still in its "infancy", but it is nevertheless in constant development and since version 2 has been a multi-platform crimeware. Its full name is actually TRiAD HTTP Control System v0.3.

This latest version of the crimeware has slight differences (improvements, its creator would say) with respect to its predecessor. At first glance, what stands out is its new interface, which, one might say, characterizes the application.

Like its predecessors, it is written in C++ and compiled with GCC.

While it has no statistics features like those found in more sophisticated crimeware applications, it has a number of options that make it dangerous. For now, its features are:

In GNU/Linux system:
  • Syn Flood with source IP spoofing: [SynStorm]-[Host]-[Port]-[Nr of Packets]-[Delay]
  • Small HTTP Server: [HTTP Server]-[Port]-[Time(minutes)]
  • Bind Shell: [Bind Shell]-[Port]-[Allowed IP Address]
While the version for Windows platforms includes:
  • UDP Flood: [Reverse Shell]-[Host]-[Port]
  • Small Proxy Server: [UdpStorm]-[Target IP]-[Target Port]-[Nr of Packets]-[Delay]
  • Reverse Shell: [Proxy Server]-[Port]-[Time(minutes)]
Regardless of the platform, the two have in common the ability to:
  • Sleep
  • Reboot remote machine
  • Shutdown remote machine
  • Delete bot from remote machine
Through a recent update, for now only the version that runs on GNU/Linux provides the ability to generate the configuration file through a GUI, which makes the process much simpler.

The configuration file is generated and then compiled to create the bot, yielding a new crimeware through a few simple steps.

However, this has a drawback related to optimization: when the bots are upgraded, each one has to be done individually, which is annoying for an advanced botmaster.

This crimeware trend is hard to stop; it marks a turning point in the control and administration of botnets and demands a major effort from the security community in the fight against the organized cyber crime behind today's criminal activities committed through the Internet.

Related Information
TRiAD Botnet II. Remote administration of zombies...
TRiAD Botnet. Remote administration of zombies on Linux
Eleonore Exploits Pack. New crimeware In-the-Wild
Special!! ZeuS Botnet for Dummies
ElFiesta. Zombie recruitment through multiple threats
Adrenalin botnet: command zone. Russian crimeware sets...
Chamaleon botnet. Administration and monitoring of downloads
YES Exploit System. Another crimeware made in Russia
Barracuda Bot. Actively exploited botnet
Unique Sploits Pack. Crimeware to automate...

Botnet activities
Fusion. A concept adopted by current crimeware
ZeuS Carding World Template. Playing at changing the face...
Unique Sploits Pack. Manipulating the attacker's security...
Scripting attack II. Combining crimeware to obtain...
Zeus Botnet. Massive propagation of its trojan. Second part
Danmec Bot, Fast-Flux networks and recruitment of zombie PCs

# Jorge Mieres

Friday, August 7, 2009

Tweet with fun

We now have a 4 member team to tweet and retweet good tweets to help our followers follow quality tweets/news.

Follow us at www.Twitter.com/EvilFingers

- EF

Open Positions for Volunteering

We have requirements for the following positions[volunteering]:

Designer for:
* website
* logo
* icons(for website and tools)
* GUI for Windows and Linux tools

Developer for projects and tools

Multiple reversing positions[patch Tuesday, malware analysis, etc.]

Pentesters [code auditors, vulnerability assessments, etc.]

Shift analysts/handlers[we are planning to have analysts/handlers round the clock to help all our users who are trying to get more info on selective stuff]

vBulletin specialists to secure, develop and design flashy forum

Content specialists for forum, blog, papers, articles and website content

Media relations expert

Video/podcast specialists

There are other vacancies that would require your help. Feel free to contact us at contact.fingers@gmail.com.

Thursday, August 6, 2009

Why is DLL Important?

The reason for this posting is that we [the RootkitAnalytics team] would like to respond to some of the queries we have been noticing recently.

-------------------------------------------------------------

Stimulus: "Why is SpyDLLRemover working on finding only injected DLLs?"

Response: As the name implies, SpyDLLRemover is intended as an injected/spyware DLL remover.

-------------------------------------------------------------

Stimulus: "Why do you want a tool that can do only DLL testing?"

Response: Well, the DLL [Dynamic Link Library] is the artery of the Windows operating system. If you notice, most famous malware uses DLL injection. The most recent example includes [but is not limited to] Conficker. Conficker is delivered as DLLs and hence cannot run as a standalone program. All these DLLs need to be loaded into another running process or application. This means that we scan Processes and Services [and in the near future Registry and File System] for injected DLLs [Severe/Critical/Red], DLLs that could be called by other processes [Orange/Suspicious], or DLLs that could be used in a non-native process [Yellow]. In all cases the DLL plays a major role, hence we thought that we would give users a standalone tool just for this purpose.

-------------------------------------------------------------

Stimulus: "Is this your first and last tool?"

Response: We will be launching other tools pretty soon. Our aim is to release tools that can interrupt malware before it does harm to your system, rather than triggering an alert after it has been allowed to carry out malicious activities. Hence, we are moving in the direction of real-time/live analysis. But since this is free work done by volunteers, it always takes time for such releases to happen.

-------------------------------------------------------------

Stimulus: "Is this tool safe?"

Response: We guarantee that it is safe. But our name has "evil" in it. Hence, we also list what other folks have said about our tools. A "User Reviews" section will be listed on our site pretty soon. If you are a user and have recommended that your organization use our tool for detection, or if you are a freelancer/consultant using our tool, please send us your reviews and we will be glad to publish them in this section. Contact us at contact.fingers@gmail.com and we will send you the preferred format and other essential details.

-------------------------------------------------------------

If you have any other questions at all, please feel free to contact us at any time, and we will be more than glad to help you. Our support is 100% free, but we do not guarantee that we will be able to support every request. In either case, we will always respond to your queries.

Thanks and have a great day.
-EF
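The process scan described in the response above can be pictured as a triage over each process's loaded-module list. The following is an added example, not SpyDLLRemover's code: the red/orange/yellow rules, the signature flag and the sample snapshot are assumptions made for illustration, and only the colour names come from the post.

```python
import ntpath

# Constructed sample: (pid, process image path, loaded module path, signature valid?)
# On a live system the module list and signature state come from separate
# collection tooling; that step is assumed here and not shown.
SNAPSHOT = [
    (812, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\kernel32.dll", True),
    (812, r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\qxzkvbtm.dll", False),
    (2040, r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r"C:\Program Files\Mozilla Firefox\xul.dll", True),
    (2040, r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r"C:\Users\alice\AppData\Local\Temp\upd32.dll", False),
    (3100, r"C:\Tools\editor\editor.exe", r"C:\Tools\editor\plugins\spell.dll", False),
    (3100, r"C:\Tools\editor\editor.exe", r"C:\ProgramData\helper\inj.dll", False),
    (3100, r"C:\Tools\editor\editor.exe",
     r"C:\Program Files\Common Files\Vendor\hook.dll", True),
]

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\")
SEVERITY_ORDER = {"red": 0, "orange": 1, "yellow": 2}


def _norm(path):
    """Lower-case and normalise a Windows path so comparisons are stable."""
    return ntpath.normcase(ntpath.normpath(path))


def _under(path, directory):
    """True if the normalised path lives somewhere below directory."""
    return path.startswith(directory + "\\")


def classify(image, module, signed):
    """Return 'red', 'orange', 'yellow' or None for one loaded module.

    Assumed rules (not the tool's own):
      red    - unsigned DLL in a user-writable path or posing as a system DLL
      orange - unsigned DLL from outside the process's own directory
      yellow - signed DLL that is foreign to both the process and the OS
    """
    mod = _norm(module)
    app_dir = ntpath.dirname(_norm(image))
    in_system = any(_under(mod, d) for d in SYSTEM_DIRS)
    in_app = _under(mod, app_dir)
    user_writable = any(marker in mod for marker in USER_WRITABLE_MARKERS)

    if not signed:
        if user_writable or in_system:
            return "red"
        if not in_app:
            return "orange"
        return None  # unsigned plugin shipped next to the application
    if not (in_system or in_app):
        return "yellow"
    return None


def triage(snapshot):
    """Classify every module and return findings, most severe first."""
    findings = []
    for pid, image, module, signed in snapshot:
        severity = classify(image, module, signed)
        if severity:
            findings.append((severity, pid, ntpath.basename(image), module))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f[0]])


if __name__ == "__main__":
    for severity, pid, process, module in triage(SNAPSHOT):
        print(f"{severity.upper():6} pid={pid:<5} {process:12} {module}")
```

The unsigned, randomly named DLL inside `svchost.exe` is the shape the post attributes to Conficker: a DLL that only runs once a host process has loaded it.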

Tuesday, August 4, 2009

Eleonore Exp v1.2 - Russian Exploits Pack[Crimeware]

[COPIED and Pasted from http://www.opensc.ws/trojan-malware-releases/7443-eleonore-exp-new-actual-russian-exploits-pack.html Thanks to http://twitter.com/securityshell for bringing it to our attention]


********THE FOLLOWING IS NOT OUR CLAIM**********


Hello!
I present new actual russian exploits pack "Eleonore Exp v1.2"


Exploits on pack:
> MDAC
> MS009-02
> Telnet - Opera
> Font tags - FireFox
> PDF collab.getIcon
> PDF Util.Printf
> PDF collab.collectEmailInfo
> DirectX DirectShow
> Spreadsheet

installs on traffic:
> on usa: 5-15%
> on mix: 10-25%
* Piercing indicates approximate, may vary and depends directly on the type and quality of traffic.


Price:
> Eleonore Exp Pack 1.2 = 700$
> Cleans cryptor on AV = 50$
> Rebuild on another domain = 50$
* PACK is binding on domain.
> Eleonore Exp Pack 1.2 with not binding domain(free on domain) = 1500$



Hello!
We offer the exploit pack "Eleonore Exp v1.2"

Updates:
Work on the pack goes on almost every day; the pack is tested, improved and polished, and version 1.2 is now on sale.
> The install rate has increased significantly. (a new exploit was added, some old exploits were optimized)
> The file is now uploaded through the admin panel. (the file can be uploaded either from your computer or from a remote host)

The pack includes the following exploits:
> MDAC
> MS009-02
> Telnet - Opera
> Font tags - FireFox
> PDF collab.getIcon
> PDF Util.Printf
> PDF collab.collectEmailInfo
> DirectX DirectShow
> Spreadsheet

Average install rate of the pack:
> on USA traffic: 8-17%
> on RU-CIS traffic: 10-25%
* The install rate given is approximate, may differ, and depends directly on the type and quality of the traffic.


Price of the latest version 1.2:
> Cost of the pack itself = 700$
> Cleaning from AV = 50$
> Rebuild for another domain = 50$
* The pack is bound to a domain.
* For the first 3 buyers, the price of the pack is 600$


Prices of previous versions:
(budget option)
> Price of version 1.1 = 500$
* Missing: Spreadsheet (snapshot instead).
> Price of version 1.0 = 300$
* Missing: Spreadsheet (snapshot instead), DirectX DS, Font tags.
* If you buy an old version, you can later upgrade the pack to the new version at any time.
* The install rate of the old versions is significantly lower.
* The cost of cleaning is the same.









Contact:
> ICQ: 9000001

topic on russian forums:
https://damagelab.org/index.php?showtopic=17952
http://exploit.in/forum/index.php?showtopic=25128
http://forum.web-hack.ru/index.php?showtopic=87295
http://xakepy.ru/showthread.php?t=52198
http://forum.xakep.ru/m_1533365/tm.htm

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* The price of the pack may change.
* The pack is bound to a domain.
* Several domains can be added for a separate fee.
* Resale is prohibited, and pointless anyway, since you can always contact us; we can make concessions and find a compromise (add/remove certain exploits, sell the pack without support if you wish, without domain binding, insert your crypt method, insert your exploit, add extra functions, etc. Everything is negotiable and everything is for you; we want you to be satisfied with our product.)
* Your opinion on what should be added to or removed from the pack is also welcome; we listen to your wishes for improving the product and are always glad to hear new ideas.
* We rent out the pack.
Topics about renting the pack (description/terms/reviews)
http://xakepy.ru/showthread.php?t=52197
http://forum.xakep.ru/m_1547497/tm.htm
http://exploit.in/forum/index.php?showtopic=25873
http://forum.web-hack.ru/index.php?showtopic=87998
http://forum.zloy.bz/showthread.php?p=4718124


**********END OF THE F*ING AD*******************

If Crimeware-as-a-Service starts increasing exponentially, we wonder how the security community is going to face it.

Once again, NOTE: THE ABOVE AD DOES NOT HAVE ANY RELATIONS TO US. WE ONLY FOUND IT INTERESTING AND WANTED OUR VIEWERS TO REALIZE THAT THEY NEED TO SECURE THEMSELVES FROM SUCH CRIMEWARE STUFF.

- EF