By Dancho Danchev
The thriving cybercrime underground marketplace has a lot to offer. From DIY botnet builders, DIY DDoS platforms, to platforms for executing clickjacking and likejacking campaigns, next to drive-by malware attacks, the ecosystem is always a step ahead of the industry established to fight back.
Continuing the “A peek inside…” series, in this post I will profile yet another freely available DIY Botnet building tool – the Umbra Malware Loader.
Screenshots of Umbra Malware Loader’s command and control interface:
Some of its core features include:
[+] Builder with Plugin support
[+] Webpanel-Autoinstaller[*] Unicode-compatible
[-] Plugincommand (use Builder/update function for plugins)
What’s particularly interesting about the Umbra Malware Loader is its modular nature, namely malicious attackers can easily introduce new features while using some of the already coded plugins, next to the ones offered as a managed service.
Today’s modern malware is released in DIY fashion; it’s highly customizable, it’s localized in multiple languages, it comes with detailed instructions and HOWTO’s, and most importantly additional features including coding a new one from scratch, are available as a managed service.
Webroot’s security team is currently in a process of analyzing the Umbra Malware Loader. Details will be posted as soon as new data is gathered.
- A peek inside the PickPocket Botnet
- A peek inside the Cythosia v2 DDoS Bot
- Inside a clickjacking/likejacking scam distribution platform for Facebook
- Inside AnonJDB – a Java based malware distribution platforms for drive-by downloads