Aidra bot-net

A place to discuss malware of every flavor, e.g. Storm, Waledac, Conficker and Zeus

Post by g7w » Wed Feb 29, 2012 5:17 am

Aidra bot-net
Copyright (C) 2011 Federico Fazzi, <federico@ahacktivia.org>
A mass-tool commanded by IRC that allows scanning and exploiting routers to make a BOTNET (in rx-bot style). In addition to this, with aidra you can perform some attacks with tcp/udp flood.


From http://www.atma.es/
URGENT:
We are detecting a great amount of attacks -mainly Telnet- coming from all sorts of devices like home routers, IPTV set-top boxes, DVDRs, VoIP devices and media centers that have been hijacked by a new malware, named by its primary author "The Aidra bot-net".

Chances are that your desktop antivirus, firewall, etc. will neither detect it nor stop it. Try to keep your net devices off as long as possible, avoid -more than ever- default/empty/trivial passwords and close every port you don't really need.
...
2012 Atma.es, January 26th - February 12th.

The "read more" links to a zip file containing two live samples, some screen captures and a readme:
http://www.atma.es/aidra.zip


I would have posted in this topic:
P2P (sort of) replaces ZeuS C&C
but I'm not sure if Symantec is talking about the same thing.
Opto, ergo sum

Re: Aidra bot-net

Post by AlphaCentauri » Wed Feb 29, 2012 9:55 am

The first thing I thought of was Activia, a yogurt in the US that's supposed to help your bowel function. Interesting name for something that attacks via "floods."

Re: Aidra bot-net

Post by NotBuyingIt » Wed Feb 29, 2012 5:10 pm

AlphaCentauri wrote: The first thing I thought of was Activia, a yogurt in the US that's supposed to help your bowel function. Interesting name for something that attacks via "floods."
Is Activia ActiveXEnabled? :)

A botnet that I have encountered a few times within the last week checks for mobile devices visiting its malicious web pages. An example is decoded at
http://jsunpack.jeek.org/dec/go?report= ... c12cad85b3

A comment by HansTheBlueFrog in a WOT forum suggests that the Cutwail spambot network may be responsible.

Re: Aidra bot-net

Post by g7w » Wed Feb 29, 2012 8:01 pm

If you DL the samples, you'll find that, inside the readme, the author claims his Aidra to be a rewrite of Hydra - Googled

His tweets: http://twitter.com/#!/federicofazzi

WOT scorecard: twitter.com/federicofazzi
Last edited by g7w on Wed Feb 29, 2012 8:34 pm, edited 1 time in total.
Opto, ergo sum

Re: Aidra bot-net

Post by g7w » Wed Feb 29, 2012 8:05 pm

AlphaCentauri wrote: The first thing I thought of was Activia, a yogurt in the US that's supposed to help your bowel function. Interesting name for something that attacks via "floods."

LOL

It's a wonder the author didn't use the pen name J L Curtis; after all, she is the Scream Queen
Opto, ergo sum