Strike Botnet is a new, advanced HTTP-based bot that can be used to control several thousand computers without the victims noticing. "Squeezer" (Scott Van Dinter) is 18 years old and programmed the bot in VB6 and ASM.
ActiveX Startup. An already well-known startup method.
Advanced Anti-Checking. Different threads with continuous checks. 10 different methods.
Attacking. Like every botnet that serves its purpose, it has a DDoS system that works with TCP connections and runs in the background.
Firewall Bypass. Adds itself to the Windows firewall. Unhooks ring3 firewall hooks.
Process Protection. An advanced protection system will keep the process from being closed.
File Protection. Strike is protected from deletion, even if the process is not running. Can't even be deleted by Rootkit Unhooker.
Serial Stealing. Strike can steal the Windows serial code, and more than 200 other serials.
Sockets. Strike uses API sockets to connect with the web interface (that means it doesn’t use the well-known Winsock). It also uses the HTTP protocol to bypass firewalls.
Spreading. Strike has the ability to spread itself into every compressed folder (zip/rar) on the infected computer.
MSN Passwords. Strike is able to steal stored MSN passwords.
Internet Explorer. Strike is also able to steal Internet Explorer passwords.
Update. A very interesting feature: with this function Strike is also able to download a newer version and update itself.
Standard functions.
Exit, Strike can be terminated.
Melt, Strike can be completely removed from the computer.
BSOD, Strike can trigger a Blue Screen of Death.
Kill, Strike can delete files on the computer.
Exec, Strike can execute files on the victim's machine.
Down, Strike can download files from the Internet over the HTTP protocol and execute them.
Strike is FUD (Fully Undetectable) when it is compiled and afterwards needs no crypter to hide it from antivirus programs.
Source: http://malwareint.blogspot.com
31.03.2010 11:15