How Malware Authors Fend Off Security Researchers


Limp Gawd
May 3, 2010
Security researchers have started seeing malware with fake administration consoles. These fake consoles feed the attacker false/random exploit statistics while gathering and sending back detailed information to the malware author. Once a threat is detected, the entire botnet will DDoS the researcher/hacker. Pretty clever stuff!
"Note that it's common for most exploit toolkits to contain an admin interface that manages exploits, payloads, and tracks exploit success rates. However, the EFTPS exploit toolkit contains a completely fake admin console. This admin interface acts as a 'hacker honeypot' that records detailed information about who attempted to access the admin console, as well as who attempted to hack into it. The fake login system conveniently accepts default/easily guessed credentials and common SQL injection strings."
Dang! Being an excrement scumbag hacker is a lot of work... :confused: