The Herpes botnet is a classic botnet with the typical features for managing and controlling infected machines.
A sample of the trojan that initiates the Herpes infection was found at:
hxxp://boolbot.org/herp.exe
Binary size: 37,888
MD5: 6f0084cbc3e67cc1a7ac61a9480baf21
The trojan's connection string to the control panel is:
hxxp://boolbot.org/Herpnet/run.php
The Herpes botnet control panel is accessed via the URL:
hxxp://boolbot.org/Herpnet/
As seen in the login screen.
After logging in, the Herpes botnet control panel shows statistics on the users infected by the trojan, as shown in the following screenshot:
At the time of this analysis, the botnet panel controlled 233 infected machines, of which just 143 were active.
The panel also has a menu for remote control of infected computers, which runs a series of commands on the online machines that are communicating with the Herpes panel.
The task menu in the control panel can run the following commands on infected machines:
These commands can be launched remotely to order infected computers to capture screenshots, to capture sensitive user data through the trojan's keylogger, and to download other malicious binaries onto the infected machine.
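An added example, not part of the original analysis: one way to turn the three URLs published above into a proxy-log check that separates the dropper download, the run.php check-in and panel access per client. The log layout, client addresses and case-insensitive path matching are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators exactly as published on this page (defanged with hxxp).
PAGE_IOCS = {
    "dropper": "hxxp://boolbot.org/herp.exe",
    "c2_checkin": "hxxp://boolbot.org/Herpnet/run.php",
    "panel": "hxxp://boolbot.org/Herpnet/",
}

def refang(url):
    """Turn a defanged hxxp:// indicator back into a parseable URL."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)

def build_rules(iocs):
    """Map (host, lower-cased path) -> label. Case folding is an assumption."""
    rules = {}
    for label, url in iocs.items():
        parts = urlsplit(refang(url))
        rules[(parts.hostname, parts.path.lower())] = label
    return rules

def scan(log_lines, rules):
    """Return {client_ip: {label: hits}}; query strings are ignored."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # malformed line
        parts = urlsplit(fields[2])
        label = rules.get((parts.hostname, parts.path.lower()))
        if label:
            hits[fields[1]][label] += 1
    return {ip: dict(counts) for ip, counts in hits.items()}

def sample_log():
    """Constructed proxy log lines: '<time> <client_ip> <url> <status>'."""
    d, c, p = (refang(PAGE_IOCS[k]) for k in ("dropper", "c2_checkin", "panel"))
    return [
        f"10:00:01 10.0.0.5 {d} 200",
        f"10:00:09 10.0.0.5 {c} 200",
        f"10:05:09 10.0.0.5 {c.replace('boolbot', 'BOOLBOT')}?id=1 200",
        f"10:06:00 10.0.0.7 {d.replace('boolbot.org', 'example.com')} 200",
        f"10:07:00 10.0.0.9 {p.lower()} 200",
    ]

if __name__ == "__main__":
    for ip, labels in scan(sample_log(), build_rules(PAGE_IOCS)).items():
        print(ip, labels)
```

A client with a dropper hit followed by repeated run.php hits is the pattern to prioritise; a panel-only hit more likely indicates someone browsing the panel than an infected host.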