 #18608  by Squirl
 Wed Mar 20, 2013 3:25 pm
Hi guys,

I know this is really broad and not a whole lot of information to go on, but is anybody in possession of a sample described here:

http://www.spider.io/blog/2013/03/chameleon-botnet/

Spider.io are being incredibly reserved with sample (and hash) sharing.

Any help greatly appreciated, willing to exchange research and analysis notes.

Edit:

It's possible this is a new variant of ZeroAccess.
 #18609  by EP_X0FF
 Wed Mar 20, 2013 3:49 pm
They managed to confuse everyone I think.

120K bots is not even close to ZeroAccess's millions, so this is not a sophisticated botnet if it is not a fork of ZeroAccess. All currently distributed ZeroAccess variants are well known.

Unfortunately there is no info from spider.io, absolutely nothing except non-meaningful stats; probably they are keeping the info for upcoming self-promotion.

Very sophisticated company http://www.linkedin.com/company/spider-io (sarcasm), known, AFAIR, only for the hype about IE mouse tracking.