January 20, 2012 By Blog Staff

A peek inside the Umbra malware loader

The thriving cybercrime underground marketplace has a lot to offer. From DIY botnet builders and DIY DDoS platforms to platforms for executing clickjacking and likejacking campaigns, alongside drive-by malware attacks, the ecosystem is always a step ahead of the industry established to fight back.

Continuing the “A peek inside…” series, in this post I will profile yet another freely available DIY Botnet building tool – the Umbra Malware Loader.

Screenshots of Umbra Malware Loader’s command and control interface:

Some of its core features include:

[+] Webpanel-Layout
[+] Installs
[+] Bots
[+] Builder with Plugin support
[+] Webpanel-Autoinstaller
[*] Unicode-compatible
[-] Plugincommand (use Builder/update function for plugins)

What’s particularly interesting about the Umbra Malware Loader is its modular nature: attackers can easily introduce new features using some of the already coded plugins, as well as the ones offered as a managed service.

Today’s modern malware is released in DIY fashion: it’s highly customizable, it’s localized in multiple languages, it comes with detailed instructions and HOWTOs, and, most importantly, additional features, including ones coded from scratch, are available as a managed service.

Webroot’s security team is currently in the process of analyzing the Umbra Malware Loader. Details will be posted as soon as new data is gathered.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.

6 Responses to A peek inside the Umbra malware loader

  1. I’ll be looking forward to the details that will be posted in the near future…This is what my partner was looking for because he had 28 sites to work right now…Seems like the fight is continually doing the I’m number one, then the other is number one, then other…Thanks for keeping us in the fight…I want to win! Malware is a strange animal…Need deeper understanding…Seems like with your knowledge you’re able to carve a business out of it…thx
