http://ondailybasis.com/blog/?p=1368
System requirements:
Webserver: Apache2 server
Operating system: Linux, BSD
Access Level: root
Price: 1000$

Installation instructions: Place mod in any folder, edit Apache config file to add 1 string and restart server.

Major features:
- insert frames in php, html, js on the fly
- frame delivered to unique users only, no frame on repeat. << known anti-forensics. Interesting how this is implemented here, external logs or based on Apache2?
- possibility of framing traffic that came from search engines only << looks like the Referer field again?
- different modes of framing – low, standard, aggressive
- update of malicious frame from external URL
- Admins of the webserver that have ssh access to it are excluded from frame delivery. System is also able to detect Admin’s IP by URL of administrative access and ban Admin IP from framing procedure.
- When root or any user in the sudo group logs into the server, the module transfers to “quiet mode”, and only when the IP of the admin is banned or filtered out does the server proceed with infecting visitors.
- users filtered out by origin, OS version, local IP requests etc. << this is based on User-Agent, as far as I understand.
- When the module detects any suspicious process in memory (tcpdump, rkhunter etc), it stops the activity
- option for encryption of framing.

As the seller claims, the module was used in private for the last 2 years and is now available for sale. Current version is 14.0.
Major reason for going public – recently researchers came close to finding it out. So there is no reason to stay private.
Mod written in C and PHP
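
The installation step quoted above (place the module in any folder, add one line to the Apache config) suggests a simple audit: list every module-loading directive and flag files loaded from outside the distribution's module directories. This is an added example, not part of the original post; it assumes the added line is a `LoadModule` or `LoadFile` directive, and the trusted directory list and the sample config are constructed for illustration.

```python
import posixpath
import re
import shlex

# Assumed standard module directories (Debian/Ubuntu and RHEL-style layouts).
TRUSTED_DIRS = ("/usr/lib/apache2/modules", "/usr/lib64/httpd/modules",
                "/etc/httpd/modules", "/usr/libexec/apache2")
# Commented-out directives do not match because '#' is not whitespace.
LOAD = re.compile(r"^\s*(LoadModule|LoadFile)\s+(.+)$", re.IGNORECASE)

def resolve(path, server_root):
    """Apache resolves relative filenames against ServerRoot."""
    if not path.startswith("/"):
        path = posixpath.join(server_root, path)
    return posixpath.normpath(path)  # collapses '..' but cannot see symlinks

def audit_config(text, server_root, trusted=TRUSTED_DIRS):
    """Return (lineno, directive, resolved_path) for loads outside trusted dirs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOAD.match(line)
        if not m:
            continue
        args = shlex.split(m.group(2))
        # LoadModule takes <name> <file>; LoadFile takes one or more files.
        files = args[1:2] if m.group(1).lower() == "loadmodule" else args
        for f in files:
            full = resolve(f, server_root)
            if posixpath.dirname(full) not in trusted:
                findings.append((lineno, m.group(1), full))
    return findings

# Constructed sample config; the paths are illustrative, not real indicators.
SAMPLE_CONF = """\
ServerRoot "/etc/httpd"
# LoadModule old_module /tmp/old.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule php_module /usr/lib/apache2/modules/libphp.so
LoadModule status_module modules/../../../var/tmp/.cache/mod_status.so
LoadModule example_module /var/www/uploads/mod_example.so
LoadFile /usr/lib64/libxml2.so
"""

if __name__ == "__main__":
    # A finding is a prompt for review, not proof of compromise.
    for lineno, directive, path in audit_config(SAMPLE_CONF, "/etc/httpd"):
        print(f"line {lineno}: {directive} loads {path}")
```

The check does not follow `Include` directives or symlinks, so run it over each included file and compare the modules it accepts against the package manager's file list.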