BlackEnergy DDoS Bot

BlackEnergy is yet another piece of malware coming from Russia. The package is a “for dummies” version, shipping with a nice GUI builder you can use to configure the bot. The only purpose of BlackEnergy is to DDoS. It does not spread on its own; it just sits and polls an HTTP C&C (Command and Control) server to see whether it has been given any targets.

Here’s a screenshot of the GUI:

BlackEnergy GUI Builder

The malware is capable of launching ICMP, SYN, UDP and HTTP floods against a designated target (or targets).

The malware comes with a rootkit that installs 3 SSDT hooks:

ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryDirectoryFile

It also employs advanced anti-dumping techniques in an effort to stop anyone from dumping the process memory for analysis. Quite a nasty bugger, all in all.

If you want to comment on this article please send e-mail
to authors(_at_)teamfurry.com or go to the forums.