THOR: Another P2P Botnet in development with extra stealth features
The research community is now focusing on the integration of peer-to-peer (P2P) concepts as incremental improvements to distributed malicious software networks (now generically referred to as botnets). Because “botnets” can be used for illicit financial gain, they have become quite popular in recent Internet attacks.
A “botnet” is a network of computers that are compromised and controlled by an attacker. Each computer is infected with a malicious program called a “bot”, which actively communicates with other bots in the botnet or with several “bot controllers” to receive commands from the botnet owner. Attackers maintain complete control of their botnets, and can conduct Distributed Denial-of-Service (DDoS) attacks, email spamming, keylogging, abusing online advertisements, spreading new malware, etc.
However, the first botnets that use peer-to-peer (P2P) networks for remote control of the compromised machines appeared in the wild recently. This new bot has a different code base; it uses the same spreading strategy and also seems to maintain a multi-relay (or peer-to-peer) infrastructure, just like its predecessor.
Thor is a decentralised P2P botnet, coded in C/C++ and developed by "TheGrimReap3r", that has been in development for some time now and is almost ready to go on sale. The botnet itself has no central command point, so it will be very difficult to shut down and also very difficult to track where commands are coming from, because all the nodes pass them on.
Thor uses DLL injection, IAT hooking and a ring3 rootkit, amongst other things, to hide. Another interesting feature is that it has its own module system, so buyers can write their own modules with what its developers describe as an easy API system. Its peer-to-peer communication uses 256-bit AES encryption with random key generation at each startup.
Thor works on Win 2000+, Win XP SP0/SP1/SP2/SP3, Win Vista SP0/SP1/SP2 and Win 7 SP0/SP1, and supports x86 and x64 systems.
The developers of Thor are going to sell this botnet openly in the underground market and on various hacking forums at $8000 for the package without modules. The expected modules that anyone can buy will be: advanced botkiller, DDoS, formgrabber, keylogger/password stealer and mass mailer.