Malware researcher and analyst Dancho Danchev has discovered what appears to be an upgraded version of a previously unknown commercially available malware platform.
The package comes complete with “DNS Changer, Loaders, Injects, and Ransomware features” that can be used to deny a target’s access to the Internet, and promises to deliver modules for “stealth VNC, and Remote IE,” which could allow attackers to “hijack any sort of encrypted session.”
“With prices for the standard package starting from $1,500, I expect that the malware bot will quickly gain market share thanks to its compatibility with existing/working crimeware concepts/releases, as well as thanks to the general availability of 24/7/365 managed malware crypting services, applying the necessary degree of QA (Quality Assurance) to a potential campaign before launching it,” Danchev writes.
“Moreover, yet another factor that would greatly contribute to the success of such type of newly released platforms is the ease of acquisition of legitimate traffic — think blackhat SEO, compromised FTP accounts, or mass SQL injection campaigns — to be later on converted into malware-infected hosts, most commonly through social engineering, or the client-side exploitation of outdated and already patched vulnerabilities in browser plugins/third-party applications.”