BlackEnergy DDoS Bot
BlackEnergy is yet another piece of malware coming out of Russia. The package is a "for dummies" kit, complete with a nice GUI you can use to configure the bot. BlackEnergy's only purpose is DDoS. It does not spread on its own; it just sits and polls an HTTP C&C (Command and Control) server to see whether it has been given any targets.
Here’s a screenshot of the GUI:
The malware is capable of launching ICMP, SYN, UDP and HTTP floods against the designated target(s).
The malware comes with a rootkit that installs three SSDT hooks, on the system calls behind registry-key, registry-value and directory enumeration (which is how the rootkit filters its own entries out of listings):
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryDirectoryFile
It also employs anti-dumping techniques in an effort to stop anyone from dumping the process memory for analysis. Quite a nasty bugger, all in all.
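One defender-side illustration of the C&C behaviour described at the top of the post (an added example, not code from the original post or from the BlackEnergy package): a bot that polls a fixed HTTP URL at a constant interval while waiting for a target list stands out in web-proxy logs, because normal browsing is irregular. The script below parses a handful of constructed proxy log lines and flags client/URL pairs that are requested at near-constant spacing. The log format, the host names, the minimum request count and the jitter threshold are all assumptions for this example and would be tuned per environment.

```python
"""Flag periodic HTTP polling (beaconing) in web-proxy logs.

Added example for defenders. The log format, host names and thresholds
are assumptions for this illustration, not values taken from BlackEnergy.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: "<ISO timestamp> <client-ip> <method> <url>".
# 10.0.0.5 requests one URL every ~600 s; 10.0.0.7 browses irregularly.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 GET http://cnc.example.invalid/stat.php
2024-01-01T10:00:03 10.0.0.7 GET http://news.example.invalid/index.html
2024-01-01T10:10:01 10.0.0.5 GET http://cnc.example.invalid/stat.php
2024-01-01T10:11:40 10.0.0.7 GET http://news.example.invalid/index.html
2024-01-01T10:19:59 10.0.0.5 GET http://cnc.example.invalid/stat.php
2024-01-01T10:30:00 10.0.0.5 GET http://cnc.example.invalid/stat.php
2024-01-01T10:31:12 10.0.0.7 GET http://news.example.invalid/index.html
2024-01-01T10:40:02 10.0.0.5 GET http://cnc.example.invalid/stat.php
2024-01-01T10:49:58 10.0.0.5 GET http://cnc.example.invalid/stat.php
2024-01-01T11:25:00 10.0.0.7 GET http://news.example.invalid/index.html
"""


def parse_log(text):
    """Group request timestamps by (client, url)."""
    series = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(maxsplit=3)
        series[(client, url)].append(datetime.fromisoformat(ts))
    return series


def intervals_seconds(timestamps):
    """Gaps between consecutive requests, in seconds."""
    ts = sorted(timestamps)
    return [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]


def find_beacons(text, min_requests=5, max_jitter=0.10):
    """Return (client, url, mean_interval_s) for series that look periodic.

    A series qualifies when it has at least `min_requests` requests and the
    relative spread of its inter-request gaps (stdev / mean) is below
    `max_jitter`. Both thresholds are assumptions to tune per environment.
    """
    hits = []
    for (client, url), stamps in parse_log(text).items():
        if len(stamps) < min_requests:
            continue
        gaps = intervals_seconds(stamps)
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            hits.append((client, url, round(avg)))
    return hits


if __name__ == "__main__":
    for client, url, period in find_beacons(SAMPLE_LOG):
        print(f"{client} polls {url} roughly every {period}s")
```

On the constructed sample this reports only 10.0.0.5 polling `stat.php` about every 600 seconds; the browsing client is dropped both by the request-count floor and by the wide spread of its gaps. In practice the same grouping works over a day of proxy or DNS logs, and the jitter bound is what separates a fixed-interval poller from a user clicking around a site.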