Archive for September, 2007

Let’s go fishing Barracudas

 

Several months ago we mentioned Barracuda, a bot that can be updated with whatever files its controller specifies, launch DDoS attacks and turn infected computers into proxies.

 

Today, when analysing several malicious sites, I have come across a server that had 84,631 bots, of which 2,072 were connected, and 20,448 proxies, of which 532 were connected.


Kits for installing malware –> Traffic Pro

We have talked quite a few times about kits for installing malware, such as MPack and IcePack. Vicente has been studying another kit, called TrafficPro, for a while. Although it's older than MPack and IcePack, it's cheaper (about $20 - $40), which is why it has become so popular.

In order to access the control panel you have the typical login page:

 

Of course, you can check all the infections in detail:

 

For a detailed explanation of how it works, take a look at the report written by Vicente.


Do AV companies create viruses?

As someone working in the lab of an antivirus company, I've often been asked if we are the ones that create viruses. Not only journalists, but even my friends and family have been asking me about this for a while.

I'm bringing this issue up because several months ago I received a call from a journalist who asked me if we were somehow involved in the creation and/or distribution of a virus that was spreading in Asia, specifically in China. It was designed to steal users' online game information, but it had a curious payload: it changed the icons of certain files to the image of a panda:

Obviously, it wasn't us who created this virus, and to certify it (and to avoid more calls about this issue ;-) ), today the virus creator and his henchmen have been sentenced to several years in jail.