Botnets - The killer web applications

www.syngress.com
Using Sandbox Tools for Botnets • Chapter 10
377
427_Botnet_10.qxd 1/9/07 3:06 PM Page 377


each created file, no matter if it is an executable or data file and if it was
downloaded, copied, or created completely new. All these created files can be
found in the corresponding created_files subfolder inside the .cab archive.
Another helpful option is FAIL_ON_ALL_DNS_REQUESTS. When you enable this one,
each DNS request will fail and the malware will disclose all its internally
stored remote host contact addresses.
What Malicious Operations Are Performed?
The possible malicious operations a bot could perform on the infected host
and remote hosts are limited only by the imagination of its developer. It is
obvious that the operations mentioned in the preceding sections are malicious
as well. However, these operations are only intended to infect and secure a
system. They are not intended to do harm. Once the infection process with
all its side actions is finished, the bot is free to pursue its real purpose: using
the hosting system to perform illegal and criminal operations, directed by its
operator. Some examples of these operations are:
Sending spam or notification mails
Performing distributed denial of service (DDoS) attacks
Installing a backdoor
Stealing sensitive data
Harvesting e-mail addresses from the local host
In this section we present hints for those operations that can be found in
the analysis reports. We start with the detection of mail delivery. In general, an
SMTP mail delivery looks like this in the report:
remoteport="25" protocol="SMTP" connectionestablished="1" socket="1560">

" behavior="Simulate_And_Log">
From: kalonline@sbcglobal.net
To: kalonline@sbcglobal.net
Subject: Perfect Keylogger was installed successfully: 11.11.2006, 06:47
Date: Sat, 11 Nov 2006 06:47:04 +0100
Content-Type: text/plain;
Perfect Keylogger was installed on the computer FOO2,
with IP address 192.168.1.1, user victim at 11.11.2006, 06:47.
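As an added illustration of how an analyst can pull the mail-delivery entries out of such a report automatically (example code, not part of the book or of the sandbox tool): the constructed sample below copies the attributes and mail headers shown in the excerpt; the element names connection and smtp_data and the remoteaddr attribute are assumptions about the report layout.

```python
import re

# Constructed sample report modelled on the excerpt in the text. The element
# names <connection>/<smtp_data> and the remoteaddr attribute are assumptions;
# the remaining attributes and the mail headers are the ones shown on the page.
SAMPLE_REPORT = """\
<connection transportprotocol="TCP" remoteaddr="198.51.100.25" remoteport="25" protocol="SMTP" connectionestablished="1" socket="1560">
<smtp_data behavior="Simulate_And_Log">
From: kalonline@sbcglobal.net
To: kalonline@sbcglobal.net
Subject: Perfect Keylogger was installed successfully: 11.11.2006, 06:47
Date: Sat, 11 Nov 2006 06:47:04 +0100
Content-Type: text/plain;
Perfect Keylogger was installed on the computer FOO2,
with IP address 192.168.1.1, user victim at 11.11.2006, 06:47.
</smtp_data>
</connection>
<connection transportprotocol="TCP" remoteaddr="198.51.100.80" remoteport="80" protocol="HTTP" connectionestablished="1" socket="1572">
</connection>
"""

# The report is matched as raw text rather than parsed as XML, because the
# logged mail body is not guaranteed to be well-formed XML.
CONN_RE = re.compile(r'<connection\b([^>]*)>(.*?)</connection>', re.S)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
HDR_RE = re.compile(r'^(From|To|Subject|Date):[ \t]*(.*?)[ \t]*$', re.M)

def parse_connections(report):
    """One dict per <connection> block: its attributes plus the raw body."""
    conns = []
    for attrs, body in CONN_RE.findall(report):
        conn = dict(ATTR_RE.findall(attrs))
        conn["body"] = body
        conns.append(conn)
    return conns

def find_smtp_deliveries(report):
    """Keep SMTP connections (remoteport="25" protocol="SMTP") and lift the
    mail headers out of the logged message body."""
    deliveries = []
    for conn in parse_connections(report):
        if conn.get("protocol") != "SMTP" and conn.get("remoteport") != "25":
            continue  # not a mail delivery
        hdr = {k.lower(): v for k, v in HDR_RE.findall(conn["body"])}
        deliveries.append({"socket": conn.get("socket"),
                           "remote": conn.get("remoteaddr", "?") + ":" + conn.get("remoteport", "?"),
                           "from": hdr.get("from"), "to": hdr.get("to"),
                           "subject": hdr.get("subject")})
    return deliveries
```

Running find_smtp_deliveries over a full report gives one record per outgoing mail, which is enough to tell a notification mail such as the keylogger install report above from a spam run without reading the whole .cab archive by hand.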
