Sunday, October 4, 2015

Beta Bot Analysis

Win32.Neurevt, circulating under the name Beta Bot, is an HTTP bot that entered the underground market in the first part of 2013.

As the information from the sales thread shows, this piece of code, which is written in C++, has many functionalities. Among others, we found:


  • AV-Disabling
  • Bot Killer
  • Ring3 Rootkit
  • Custom Injection Techniques
  • Proactive Defense Mode


At less than €500, Beta Bot is sold relatively cheaply considering its vast feature list. It also includes standard features for today’s bots, such as different DoS attack methods, a DNS blocker, etc.


Reference & details:

http://resources.infosecinstitute.com/beta-bot-analysis-part-1/

http://resources.infosecinstitute.com/beta-bot-analysis-part-2/


Credits and References:

https://github.com/KenMacD/betabot-re
https://blog.fortinet.com/post/neurevt-bot-analysis
http://vrt-blog.snort.org/2014/05/betabot-process-injection.html
https://asert.arbornetworks.com/beta-bot-a-code-review/
