NgrBot is a modified IrcBot. It has the capability to join different Internet Relay Chat (IRC) channels to perform various attacks according to the IRC-based commands from the command-and-control (C&C) server. Recently, our botnet monitoring system captured an NgrBot variant with hardcoded version

Figure 1. Hardcoded version

This new version of the bot carries new features that are much more harmful than before, including the ability to destroy data in the user's hard drive.

Wiping The Hard Drive

This new version of...
by He Xu  |  Jul 10, 2014  |  Filed in: Security Research
Lethic is a proxy bot with an extremely long history that started in January 2010. It is best known for spreading spam emails to earn as much money from the underground market as possible. In March 2014, our botnet monitoring system found that Lethic has now transformed into a clicker bot.

Lethic's Spamming Method

As a proxy bot, Lethic only transfers data between its command-and-control (C&C) server and its target. When spreading spam emails, the bot receives the business SMTP email server's IP address and port from the C&C server (see...
by He Xu  |  May 06, 2014  |  Filed in: Security Research