Trend Micro Digs into 'Elite Control'
Security researchers at Trend Micro's TrendLabs group have obtained the source code of a botnet kit called "Elite Control", which let them closely examine the foundation and capabilities of the attack.
Reportedly, the company detects the various Elite Loader variants as members of the Trojan family it names DLOADER.
According to Maxim Goncharov, advanced threats researcher at TrendLabs, the botnet's source code surfaced on a Russian malware forum, and analysis of it shows the Trojan to be a fairly capable piece of attack tooling, eWEEK SECURITY WATCH reported on November 3, 2009.
Goncharov obtained the code together with the material that accompanied it, in particular the botnet builder's instructions on how to operate Elite Control's command-and-control servers.
He also noted that the code not only installs malicious files on infected computers but also lets its operators push secondary payloads to them, for stealing passwords, turning the systems into spambots, or launching DDoS attacks.
Describing another sign of the Trojan's sophistication, the researcher said the bot reports back to its controller in a range of ways, and the command-and-control server keeps extensive statistics and offers log filtering, so that operators can manage payload downloads more precisely, for example by region.
In other words, the server can direct which software is downloaded by bots in particular countries, and it can enable or disable individual bots based on their location.
The bot itself is only about 8 KB, which helps keep the malware installation relatively inconspicuous. It runs on Windows XP Service Packs 1, 2 and 3 as well as on Vista, and it supports multiple job instances.
The researcher further observed that the business of malware distribution appears to have become open: Elite Loader was published by the well-known Lonely Wolf, a moderator of the underground forum DaMaGeLaB, with all the instructions and the thread's posts included in the archive. As a result, producing malicious code becomes extremely easy.
Related article: Trend Micro Detects Spam Mail Declaring World War III
» SPAMfighter News - 16-11-2009