Author Topic: Ice - IX botnet  (Read 13174 times)


August 24, 2011, 07:13:32 pm

SysAdMini

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 3335
Quote
Ice IX is a new bot form-grabber similar to Zeus, but a big rival to it. It is based on a modified Zeus 2 core.
The core was redesigned and enhanced. Bypassing of proactive protection and firewalls was enhanced using driver mode, and injects work more stably on IE and Firefox based browsers.
The main goals were adding protection from detection by trackers, getting higher response, more stealthiness, and longer vitality. The goals were successfully reached.
Support is also available, free updates to new version for current clients.

Main functionality:
*   Key logging (with ability to get screenshots of mouse pointer zone)
*   Grabbing of http and https forms and injects (standard format of injects for Zeus) in Explorer and Mozilla Firefox (also all wininet.dll and nspr4.dll based browsers: AOL, Maxthon…)
*   Grabbing cookies, .sol files, saved form data
*   Grabbing FTP clients: FlashFXP, Total Commander, WsFTP 12, FileZilla 3, FAR Manager 1,2, WinSCP 4.2, FTP Commander, CoreFTP, SmartFTP
*   Grabbing Windows Mail, Live Mail, Outlook
*   Socks 5 with back connect
*   Screenshots in real-time, you can say what URL to be screened
*   Getting certificates from the “My” store and clearing it. After clearing, a newly imported certificate will be saved to the server
*   Searching files on logical disks by mask or loading an exact file
*   TCP traffic sniffer
*   Wide range of commands to control an infected PC (download and execute arbitrary file, setting home page, enable/disable injects, kamikaze etc… like in Zeus 2.0.8.9)

Main advantages:
*   Protection from Trackers.
The config file is now fetched not directly but through the proxy.php file, where you should enter the same key that is used to encrypt the data exchange between the bot and the control panel. If the request for the config is not made by a bot with the same key, a 404 error is returned. So there is no way to download and analyze the configuration file.
This is a major advantage if you are creating big botnets, because the main problem of the original Zeus is trackers.
*   Higher response and longer vitality. It is cheaper to create the botnet.
*   Updates and support. All updates for the 1.x.x version are free for customers
*   A possibility to develop custom solutions.

In current development:
Adding http fakes for Firefox
Adding blocking/bypassing for Spy Eye
Changing the algorithm for encrypting the data exchange between bot and control panel

Price for personal licence for current version 1.0.5.
*    Version with binding to host: $600/LR/WMZ . Bot and builder with ability to create config file is included
*    License for builder without limitation: $1800/LR/WMZ/


Contact:

ICQ : 610875708
Jabber : iceix@secure-jabber.biz


Verified at :

exploit.in/forum/index.php?showtopic=47830 (reviews also)
xakepy.cc/showthread.php?t=70133
korovka.name/showthread.php?t=1771

Screens

Webpanel:
http://img594.imageshack.us/img594/981/admin1z.jpg
http://img600.imageshack.us/img600/5638/admin2b.jpg

Builder:
http://img146.imageshack.us/img146/7562/builderl.jpg


Ice9 is a new Zeus-like form-grabber bot.
It is based on a version from the second ZeuS line, which was thoroughly reworked and improved.
The main goal was to raise the response rate relative to its predecessor, and this goal was successfully achieved.
Bypassing of proactive protection and firewalls has been improved.
The injection technology was also reworked, allowing injects to work much more stably.
The bot is constantly being developed and extended.

The bot is bound to a host; an extended version of the builder without binding is also supplied.

Price of a license with host binding: 600WMZ/LR/WMZ USD
Price of a license without host binding: 1800WMZ/LR/WMZ USD

Contacts ICQ/Jabber: 610875708 / iceix@secure-jabber.biz (Ice IX)



Ruining the bad guy's day

August 24, 2011, 07:18:06 pm
Reply #1

SysAdMini


August 25, 2011, 01:16:39 pm
Reply #2

SysAdMini


August 29, 2011, 12:43:13 pm
Reply #3

SysAdMini


September 14, 2011, 10:58:36 am
Reply #4

SysAdMini


October 20, 2011, 06:58:44 am
Reply #5

SysAdMini
