The backdoor offers very simple functionality, mainly to load other components. It uses some common tricks to hide itself on the infected machine, in order to make it more difficult for a user to notice its presence.

The main commands that can be sent to the backdoor are: download and run an executable, download and install a plugin, update the bot itself, reboot the machine, and uninstall the bot. The main purpose of this backdoor is therefore to offer a gateway to the attacker so that he can download and install his own malware.

This backdoor is not very widespread yet, but it has the potential to evolve into a more dangerous threat in the future; as always, we recommend that users update their software and security products, and use common sense in order to avoid malware.

via Dream Loader: the new bot C&C engine of your dreams | Symantec Connect.

I would like to inform you about our recent progress.

We are working hard on releasing the new version of our botnet tracking framework (Dorothive).

Below you can find some new features:

+ Postgres database

+ the analysis core is being developed in pure Ruby (object oriented; easy addition of new detection rules, e.g. Zeus, SpyEye, etc.)

+ New visualization techniques: real-time charts (Highcharts or OpenChart), and AJAX Google APIs for maps. That's the way.

+ Drone completely coded from scratch in Java: multi-platform, PKI based, TOR/proxy connection, IRC/HTTP compatibility. We are close to launching our first beta. Let me know who is interested in participating as a beta-tester.

+ The analysis engine will be able to detect financial botnets, as presented at the APWG conference; here at Barcelona Digital we are going to begin the test phase to acquire some interesting results.

+ and lots more.. 🙂

Status updates will be released more often, I promise.

Stay tuned!