Series: Looking through the keyhole – LuckySploit

March 25, 2009


I wanted to demonstrate the level of sophistication behind the back-end Command and Control servers for many of these web-based, usually P2P, botnets. Included are support contracts, fees for advanced services, reporting and sometimes the occasional backdoor! Duh.

As currently shown by the Malware Domain List, the following pack is now very popular.

LuckySploit is currently considered by many analysts to be at the head of the pack in terms of obfuscation and features.

The pack dynamically generates obfuscated JavaScript at runtime in order to establish an encrypted communication session with the browser using asymmetric encryption. The browser then sends back critical information such as its user agent, ActiveX controls, plugins, and platform.

Based on this exchange of information, the pack sends a crafted exploit JUST FOR THE VICTIM. Whee. How special.
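The three-stage exchange described above (script download, capability fingerprint posted back, tailored payload fetched) leaves a recognisable shape in a web proxy log even though each stage looks harmless on its own. As an added example that is not from the original post or from the kit, here is a Python heuristic that flags the script-then-POST-then-binary sequence against a single host; the pipe-delimited log format is assumed, and for the fingerprint stage it assumes the capability field names are visible in the POST body, which is a simplification since the kit encrypts them.

```python
"""Heuristic detector for the delivery sequence described in the post:
(1) browser fetches a script, (2) posts a browser-capability fingerprint
back to the same host, (3) pulls a binary payload from that host.
Log lines are a constructed, simplified proxy log (assumption):
timestamp|client|method|host|path|response-content-type|request-body"""
from collections import defaultdict
from datetime import datetime, timedelta

# Capability fields the post says the browser reports back to the server.
FINGERPRINT_KEYS = {"useragent", "activex", "plugins", "platform"}


def parse_line(line):
    ts, client, method, host, path, ctype, body = line.split("|", 6)
    return {"ts": datetime.fromisoformat(ts), "client": client,
            "method": method, "host": host, "path": path,
            "ctype": ctype, "body": body}


def looks_like_fingerprint(rec):
    """A POST whose body names at least three of the capability fields."""
    body = rec["body"].lower()
    return rec["method"] == "POST" and sum(k in body for k in FINGERPRINT_KEYS) >= 3


def find_kit_sessions(lines, window=timedelta(minutes=5)):
    """Return (client, host) pairs where script -> fingerprint -> binary
    occurred against one host within `window` of the script fetch."""
    by_pair = defaultdict(list)
    for rec in map(parse_line, lines):
        by_pair[(rec["client"], rec["host"])].append(rec)
    hits = []
    for pair, recs in by_pair.items():
        recs.sort(key=lambda r: r["ts"])
        stage, start = 0, None
        for r in recs:
            in_window = start is not None and r["ts"] - start <= window
            if stage == 0 and "javascript" in r["ctype"]:
                stage, start = 1, r["ts"]
            elif stage == 1 and in_window and looks_like_fingerprint(r):
                stage = 2
            elif stage == 2 and in_window and "octet-stream" in r["ctype"]:
                hits.append(pair)
                break
    return hits


SAMPLE_LOG = [  # constructed sample, not real traffic
    "2009-03-25T10:00:01|10.0.0.5|GET|kit.example|/in.php|text/javascript|",
    "2009-03-25T10:00:03|10.0.0.5|POST|kit.example|/in.php|text/html|"
    "userAgent=MSIE7&plugins=flash,pdf&activex=wmp&platform=win32",
    "2009-03-25T10:00:05|10.0.0.5|GET|kit.example|/load.php|application/octet-stream|",
    "2009-03-25T10:01:00|10.0.0.6|GET|cdn.example|/app.js|text/javascript|",
    "2009-03-25T10:01:02|10.0.0.6|POST|cdn.example|/api|application/json|{\"q\":\"hi\"}",
]
```

Running `find_kit_sessions(SAMPLE_LOG)` flags only the first client/host pair; the second client fetches a script and posts data too, but never reports capability fields or pulls a binary.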


Here is the admin page:

[Screenshot: LuckySploit admin page]
