– Progressive download different EXE and run *<\/p>\n
– Geo-targeting (download only for specific countries)<\/p>\n
– The ability to download files via a URL<\/p>\n
– Startup and invisible work (Masked by a trusted process) **<\/p>\n
– Detailed statistics on jobs- Self-renewal through the bot’s admin panel (locally or remotely) **<\/p>\n
– Protection against loss by blocking bots domain **<\/p>\n
– The small size of the loader ~ 12.6 kb ***<\/p>\n
– Ability to use Builder for “sellers” (more accurate statistics)<\/p>\n
– Statistics on re-launching (useful for assessing the quality of downloads, or traffic) **<\/p>\n
– “Guest” access to the statistics- Easy kriptovka (does not contain any additional dll, overlays, etc.)<\/p><\/blockquote>\n
Screenshots of the command and control interface:<\/p>\n
The modular Smoke Malware loader comes with two additional modules. The first module steals passwords from popular applications, and sends them back to the malicious attackers. The second module is a SOCKS-connection module<\/a><\/strong>, turning malware-infected hosts into stepping stones for anonymizing a cybercriminal’s online activities<\/a><\/strong>.<\/p>\n The first module successfully steals passwords from the following applications:<\/p>\n 32bit FTP And from the following browsers:<\/p>\n Apple Safari The full version of the passwords grabber also works on the following IM applications:<\/p>\n &RQ And how about the price? The price for the Smoke Malware Loader, including and excluding various modules is as follows:<\/p>\n – Only the loader (the non-resident version) – 150 WMZ The modular nature of the Smoke Malware Loader allows the seller of the bot to come up with flexible pricing plans, potentially lowering down the entry barriers into this market segment. The bot’s password grabbing functionality is a great reminder of how you shouldn’t save your passwords in the browser, as they become susceptible to\u00a0extraction techniques like the ones used by the Smoke Malware Loader.<\/p>\n Use a third-party password managing tool, like Webroot’s Password Manager<\/a><\/strong> for instance.<\/p>\n Related posts:<\/p>\n A peek inside the uBot malware bot<\/a><\/p>\n A peek inside the PickPocket Botnet<\/a><\/p>\n A peek inside the Cythosia v2 DDoS Bot<\/a><\/p>\n A peek inside the Umbra malware loader<\/a><\/p>\n You can find more about Dancho Danchev at his\u00a0LinkedIn Profile<\/a><\/strong>. You can also\u00a0follow him on \u00a0Twitter<\/a><\/strong>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" The competitive arms race between security vendors and malicious cybercriminals constantly produces new defensive\u00a0mechanisms, next to new attack platforms and malicious tools aiming to efficiently exploit and infect as many people as possible. Continuing the “A peek inside…” series, in this post I will profile yet another malware loader. This time it’s the Smoke Malware […]<\/p>\n","protected":false},"author":65,"featured_media":17052,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3005],"tags":[],"yst_prominent_words":[9759,9755,9765,7027,9751,9545,9621,3477,9615,8281,12587,5323,9543,9527,9761,9745,9743,9749,9763,9747],"acf":[],"_links":{"self":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/5947"}],"collection":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/users\/65"}],"replies":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/comments?post=5947"}],"version-history":[{"count":2,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/5947\/revisions"}],"predecessor-version":[{"id":26123,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/posts\/5947\/revisions\/26123"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media\/17052"}],"wp:attachment":[{"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/media?parent=5947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/categories?post=5947"},{"taxonomy":"post_tag","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/tags?post=5947"},{"taxonomy":"yst_prominent_words","embeddable":true,"href":"https://www.webroot.com/blog/wp-json\/wp\/v2\/yst_prominent_words?post=5947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"http:\/\/webrootblog.files.wordpress.com\/2012\/02\/smoke_malware_loader_01.png\" "\\"Smoke_Malware_Loader_01\\"")
<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n<\/a><\/p>\n
\nBitKinex
\nBulletProof FTP Client
\nClassic FTP
\nCoffeeCup FTP
\nCore FTP
\nCuteFTP
\nDirectory Opus
\nExpanDrive
\nFAR Manager FTP
\nFFFTP
\nFileZilla
\nFlashFXP
\nFling
\nFreeFTP\/DirectFTP
\nFrigate3 FTP
\nFTP Commander
\nFTP Control
\nFTP Explorer
\nFTP Navigator
\nFTP Uploader
\nFTPRush
\nLeapFTP
\nNetDrive
\nSecureFX
\nSmartFTP
\nSoftX FTP Client
\nTurboFTP
\nUltraFXP
\nWebDrive
\nWebSitePublisher
\nWindows\/Total Commander
\nWinSCP
\nWS_FTP<\/p><\/blockquote>\n
\nFlock
\nGoogle Chrome
\nInternet Explorer
\nMozilla Browser
\nMozilla Firefox
\nMozilla Thunderbird
\nOpera
\nSeaMonkey<\/p><\/blockquote>\n
\nAIM Pro
\nDigsby
\nExcite Private Messenger
\nFaim
\nGAIM
\nGizmo Project
\nGoogle Talk
\nICQ\/AIM
\nICQ2003\/Lite
\nICQ99b-2002
\nIM2 (Messenger 2)
\nJAJC
\nMiranda
\nMSN Messenger
\nMySpaceIM
\nOdigo
\nPaltalk
\nPandion
\nPidgin
\nPSI
\nQIP
\nQIP.Online
\nSIM
\nTrillian
\nTrillian Astra
\nWindows Live Messenger
\nYahoo! Messenger<\/p><\/blockquote>\n
\n– Only the loader (TSR version) – 250 WMZ
\n– Grabber LITE – 100 WMZ **
\n– Grabber FULL – 150 WMZ **
\n– SOCKS-module – 50 WMZ (version without bekkonekta) **
\n– HOSTS-module – 25 WMZ **
\n– Rebild loader – 10 WMZ
\n– Update: minor fixes – for free, the rest is discussed separately
\n– Can build to suit your needs grabber<\/p><\/blockquote>\n