The base technical information of the threat is here: http://blog.malwaremustdie.org/2014/05/ ... cheme.html
This variant was just mentioned in IT media news in The Register here: http://www.theregister.co.uk/2014/09/09 ... modem_bot/
The threat investigation is here: https://capsop.com/lightaidra-cc-investigation/
The actor (skid + gamer) was just arrested for using weed in school but was just released, PoC: https://www.youtube.com/watch?v=ojlsAQ_Wf60 - And the coder is following us on Twitter..
The actor is a US citizen and was never arrested for what he did, even though he successfully infected 100+ clients.
He uses this malware for selling his "unhittable VPN", PoC:
The malware is coded based on the lightaidra (new generation of taidra) IRC bot, known for its DoS functions.
Snapshot of a session connected to the CNC (modded UnrealIRC):
I shared samples as per attached. I picked x32 and x64 for other researchers' convenience. The samples also exist in multi-arch builds like MIPS, ARM, SuperH, MIPSEL, etc.
MD5 (halfnint) = ec5556e3026b98aaf0f0a7d53b1a76d6
MD5 (nintendo) = 0fb662c9b63b415361791e7597b673d7
If anyone somehow finds this variant, please share/coordinate with us. We want this abuse to stop.
malwaremustdie.org
Attachments: 7z archive, password: infected (28.21 KiB)
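The post notes that the samples come in several builds (x32, x64, MIPS, ARM, SuperH, MIPSEL). A first triage step for such a drop is reading the ELF identification bytes to sort each file by word size, endianness and CPU, and comparing its MD5 against the hashes shared above. The script below is an added example for that triage; it is not code from the post or from MalwareMustDie. The e_machine constants are the standard ELF values; the sample headers it runs on are constructed in the script (20-byte stubs, not real malware), and the two MD5 values are the ones quoted in the post.

```python
import hashlib
import struct

# MD5 IoCs quoted from the post for the two shared samples.
KNOWN_SAMPLES = {
    "ec5556e3026b98aaf0f0a7d53b1a76d6": "halfnint",
    "0fb662c9b63b415361791e7597b673d7": "nintendo",
}

# Standard ELF e_machine values for the architectures the post lists.
EM_NAMES = {3: "x86", 8: "MIPS", 40: "ARM", 42: "SuperH", 62: "x86-64"}


def describe_elf(data: bytes) -> dict:
    """Read the ELF identification bytes and e_machine of one sample.

    Returns bits (32/64), endianness and an architecture label; little-endian
    MIPS is reported as 'MIPSEL' to match the naming used in the post.
    Raises ValueError for anything that is not an ELF file.
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]   # EI_CLASS, EI_DATA
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed ELF identification")
    endian = "<" if ei_data == 1 else ">"
    (e_machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine at offset 18
    arch = EM_NAMES.get(e_machine, "unknown(0x%x)" % e_machine)
    if arch == "MIPS" and ei_data == 1:
        arch = "MIPSEL"
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "arch": arch,
    }


def triage(data: bytes) -> dict:
    """Combine the header description with an MD5 lookup against the post's IoCs."""
    info = describe_elf(data)
    digest = hashlib.md5(data).hexdigest()
    info["md5"] = digest
    info["known_as"] = KNOWN_SAMPLES.get(digest)  # None when the hash is not in the list
    return info


def fake_elf(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Constructed 20-byte ELF header stub used only to demonstrate the parser."""
    endian = "<" if ei_data == 1 else ">"
    e_ident = b"\x7fELF" + bytes([ei_class, ei_data, 1, 0]) + b"\x00" * 8  # 16 bytes
    return e_ident + struct.pack(endian + "HH", 2, e_machine)  # e_type=ET_EXEC, e_machine


# Constructed stand-ins for the builds named in the post (not the real samples).
CONSTRUCTED_SAMPLES = {
    "x32":    fake_elf(1, 1, 3),
    "x64":    fake_elf(2, 1, 62),
    "mips":   fake_elf(1, 2, 8),
    "mipsel": fake_elf(1, 1, 8),
    "arm":    fake_elf(1, 1, 40),
    "sh":     fake_elf(1, 2, 42),
}


def main() -> None:
    for name, blob in CONSTRUCTED_SAMPLES.items():
        info = triage(blob)
        print("%-7s %2d-bit %-6s %-8s md5=%s known=%s" % (
            name, info["bits"], info["endian"], info["arch"], info["md5"], info["known_as"]))


if __name__ == "__main__":
    main()
```

On a real drop, replace the constructed dictionary with the bytes read from each extracted file; a `known_as` of `None` just means the file is not one of the two hashes above, not that it is clean.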