Today, when I was tracking the server to which a variant of Trj/LdPinch sends information, I have come across, among the files in the server, some .php files that are used to control a botnet via web.
The image below would be the initial screen from which the infected systems can be viewed for geographical area:
And the option “Botnet controller†allows different actions to be carried out in the affected systems:
Posted under Malware Alerts
This post was written by Vicente Martinez on June 13, 2007
