It's nothing spectacular or groundbreaking, and appears to have been around since at least 2009, maybe earlier.
I've replaced the binaries with VirusTotal analysis, and posted everything else as I received it.
You can browse the shell scripts, as well as the malware's help file, at my Google Code site.
By the way, here's the config info for the bot's command and control center:
NICK Hack
USERFILE 1
CMDCHAR *
LOGIN eliata
IRCNAME juno boot flood
MODES +ix-ws
TOG CC 0
TOG CLOAK 1
TOG SPY 1
SET OPMODES 4
SET BANMODES 6
SET AAWAY 1
TOG NOIDLE 1
CHANNEL #m0atrea
TOG PUB 1
TOG MASS 1
TOG SHIT 1
TOG PROT 1
TOG ENFM 1
SET ENFM +nt
SET MDL 4
SET MKL 4
SET MBL 4
SET MPL 1
SERVER irc.deadly-co.ro 6667

I hope you enjoy examining the bot.