Malware Domain List

Malware Related => Malware Analysis => Topic started by: SysAdMini on August 24, 2011, 07:13:32 pm

Title: Ice - IX botnet
Post by: SysAdMini on August 24, 2011, 07:13:32 pm
Ice IX is a new bot form-grabber similar to Zeus, but a big rival to it. It is based on a modified Zeus 2 core.
The core was redesigned and enhanced. Bypassing of the proactive protection and firewall using driver mode was enhanced, and injects work more stably on IE- and Firefox-based browsers.
The main goals were adding protection from detection by trackers, getting higher response, more stealthiness, and longer vitality. The goals were successfully reached.
Support is also available, with free updates to new versions for current clients.

Main functionality:
*   Key logging (with ability to get screenshots of mouse pointer zone)
*   Grabbing of HTTP and HTTPS forms and injects (standard format of injects for Zeus) in Explorer and Mozilla Firefox (also all wininet.dll and nspr4.dll based browsers: AOL, Maxthon…)
*   Grabbing cookies, .sol files, saved form data
*   Grabbing FTP clients: FlashFXP, Total Commander, WsFTP 12, FileZilla 3, FAR Manager 1,2, WinSCP 4.2, FTP Commander, CoreFTP, SmartFTP
*   Grabbing Windows Mail, Live Mail, Outlook
*   Socks 5 with back connect
*   Screenshots in real time; you can say which URL is to be screened
*   Getting certificates from the “My” store and clearing it. After clearing, a newly imported certificate will be saved to the server
*   Searching files on logical disks by mask or loading an exact file
*   TCP traffic sniffer
*   Wide range of commands to control an infected PC (download and execute an arbitrary file, set home page, enable/disable injects, kamikaze, etc.), like in Zeus

Main advantages:
*   Protection from Trackers.
The config file is now fetched not directly but through the proxy.php file, where you should enter the same key that is used to encrypt the data exchange between bot and control panel. If the request for the config is not created by a bot with the same key, a 404 error will be returned. So there is no way to download and analyze the configuration file.
This is a major advantage if you are creating big botnets, because the main problem of the original Zeus is trackers.
*   Higher response and longer vitality. It is cheaper to create the botnet.
*   Updates and support. All updates for version 1.x.x are free for customers
*   A possibility to develop custom solutions.

In current development:
Adding http fakes for Firefox
Adding blocking/bypassing for Spy Eye
Changing the algorithm for encrypting the data exchange between bot and control panel

Price for personal licence for current version 1.0.5.
*    Version with binding to host: $600/LR/WMZ . Bot and builder with ability to create config file is included
*    License for builder without limitation: $1800/LR/WMZ/


ICQ : 610875708
Jabber :

Verified at : (reviews also)




Ice9 is a new Zeus-like form-grabber bot.
It is based on a version from the second ZeuS line, which was thoroughly reworked and improved.
The main goal was to raise the response rate relative to its predecessor, and this goal was successfully achieved.
Bypassing of proactive protections and firewalls has been improved.
The injection technology was also reworked, allowing injects to work much more stably.
The bot is constantly being developed and extended.

The bot is bound to a host; an extended version of the builder without binding is also supplied.

License price with host binding: 600WMZ/LR/WMZ USD
License price without host binding: 1800WMZ/LR/WMZ USD

Contacts ICQ/Jabber: 610875708 / (Ice IX)

Title: Re: Ice - IX botnet
Post by: SysAdMini on August 24, 2011, 07:18:06 pm
Ice IX, the first crimeware based on the leaked ZeuS sources

for a sample look at

Title: Re: Ice - IX botnet
Post by: SysAdMini on August 25, 2011, 01:16:39 pm
Ice IX Or Just ZeuS?

Title: Re: Ice - IX botnet
Post by: SysAdMini on August 29, 2011, 12:43:13 pm
Meet Ice IX, Son Of ZeuS

Title: Re: Ice - IX botnet
Post by: SysAdMini on September 14, 2011, 10:58:36 am
Ice IX: not cool at all

Title: Re: Ice - IX botnet
Post by: SysAdMini on October 20, 2011, 06:58:44 am