Cybercriminals continue to systematically release DIY (do-it-yourself) cybercrime-friendly offerings, in an effort to achieve ‘malicious economies of scale’, a fraud model that directly intersects with our ‘Cybercrime Trends – 2013’ observations.
We’ve recently spotted yet another subscription-based DIY keylogger-based botnet/malware generating tool. Let’s take a peek inside its Web based interface, and expose the cybercrime-friendly infrastructure behind it.
Sample screenshots of the DIY keylogging platform:
Alongside the standard keylogging features, the botnet/malware generating tool also comes with DDoS functionality. What’s particularly interesting about this tool is that its primary hosting location exposes a cybercrime-friendly malicious infrastructure worth keeping an eye on. Let’s take a look.
The following malicious MD5s are also known to have phoned back to the same IP as the tool’s original hosting location (184.108.40.206):
Related serial numbers:
Serial Number: 27 42 F1 24 28 26 FB 7F 69 B0 52 B7 F3 94 DF ED
Serial Number: 00 9B 51 7C AF 08 AA 1A 85 82 2D B0 CE 5E 91 69 FE
Once executed, MD5: 6b6836efff22dae8fd49de23e850f9a4 phones back to:
hxxp://freedowloading.tk/love/gate.php – 220.127.116.11
Once executed, MD5: b60df6003c214d29f574b871530d0e3a phones back to:
Related malicious MD5s known to have phoned back to the same host (os.downloadastrocdn.com; 18.104.22.168):
Once executed, MD5: d4eb62529918bd18820809d34d8a443b phones back to:
Once executed, MD5: 42c826634ee1479de99b2a354475574d phones back to:
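To make the indicators above directly usable, here is an added example (not part of the original post, nor Webroot’s tooling) that collects the MD5s, IPs, hostnames and the defanged C&C URL listed above into indicator sets, refangs the hxxp:// URL, and sweeps them over a constructed set of sample endpoint telemetry lines (`key=value` pairs per event). The telemetry format and the non-IOC sample values are assumptions made for the example; the indicators themselves are taken from the post.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Indicators lifted from the post above: sample hashes, C&C IPs, hostnames
# and the defanged gate.php callback URL.
IOC_MD5 = {
    "6b6836efff22dae8fd49de23e850f9a4",
    "b60df6003c214d29f574b871530d0e3a",
    "d4eb62529918bd18820809d34d8a443b",
    "42c826634ee1479de99b2a354475574d",
}
IOC_IP = {"184.108.40.206", "220.127.116.11", "18.104.22.168"}
IOC_HOST = {"freedowloading.tk", "os.downloadastrocdn.com"}
IOC_URL = {"hxxp://freedowloading.tk/love/gate.php"}


def refang(url):
    """Turn a defanged indicator (hxxp://, [.]) back into a matchable URL."""
    url = re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)
    return url.replace("[.]", ".")


@dataclass
class Match:
    line_no: int   # 1-based line in the telemetry input
    field: str     # which field matched: md5, dst, url or host
    value: str     # the matching value


# Constructed sample telemetry (assumed format: one event per line,
# space-separated key=value pairs). Line 2 and 3 contain indicators.
SAMPLE_EVENTS = """\
md5=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa dst=93.184.216.34 url=http://example.com/
md5=6b6836efff22dae8fd49de23e850f9a4 dst=220.127.116.11 url=http://freedowloading.tk/love/gate.php
md5=bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb dst=18.104.22.168 url=http://os.downloadastrocdn.com/x
md5=cccccccccccccccccccccccccccccccc dst=10.0.0.5 url=http://intranet.local/login
"""


def parse_event(line):
    """Parse 'k=v k=v ...' into a dict; values may themselves contain '='."""
    return dict(kv.split("=", 1) for kv in line.split())


def match_events(text):
    """Return every indicator hit found in the telemetry text."""
    refanged_urls = {refang(u) for u in IOC_URL}
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        ev = parse_event(line)
        if ev.get("md5", "").lower() in IOC_MD5:
            hits.append(Match(n, "md5", ev["md5"].lower()))
        if ev.get("dst") in IOC_IP:
            hits.append(Match(n, "dst", ev["dst"]))
        url = ev.get("url")
        if url:
            host = urlparse(url).hostname
            if url in refanged_urls:
                hits.append(Match(n, "url", url))      # exact C&C gate hit
            elif host in IOC_HOST:
                hits.append(Match(n, "host", host))    # same hostname, other path
    return hits


if __name__ == "__main__":
    for m in match_events(SAMPLE_EVENTS):
        print(f"line {m.line_no}: {m.field} matched {m.value}")
```

Matching the exact refanged URL separately from the bare hostname is deliberate: a hit on `/love/gate.php` is a strong C&C callback signal, whereas a hostname-only hit on a CDN-style name such as os.downloadastrocdn.com warrants a look at what else the sample downloaded before escalating.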
Webroot SecureAnywhere users are proactively protected from these threats.