Herpes bot master outed

Powered by SC Magazine
Lax identity protection leads to downfall.

A security researcher has decompiled the Herpesnet botnet and exploited the network to out its developer.

The Herpesnet developer using the alias Frk7 spread the bot over Twitter and security forums to sell subscriptions to the service.

HerpesNet, via YouTube

Reverse engineer and penetration tester Paul Rascagneres (RootBSD) examined the bot and found, and then exploited, a time-based SQL injection in the command-and-control client.

That injection exposed the database tables and later allowed Rascagneres to upload Metasploit's Meterpreter payload to open a shell on the developer's machine.

Rascagneres discovered what he said was a string of personal information, including the owner's real identity and Facebook account.

Rascagneres reported the owner to be an 18-year-old Italian man. The details matched the bio of the Herpesnet Twitter account.

The botnet's website was taken offline and a war of words ensued between Rascagneres and the developer.

Frk7 claimed to have done "nothing illegal" and said he had sold the bot to pay for tuition.

The Secure Domain Foundation, a self-described "public benefit, non-profit, malicious domain slaughter house", chimed in via Twitter and quipped: "Lesson of the day. If you are selling botnet related services, don't directly tie it to your real name."

A Google web cache page dated 19 May indicated the network controlled 9827 bots and had 1947 users.

A technical write-up can be read on Malware.lu, a small outfit of security boffins dedicated to malware analysis.

Copyright © SC Magazine, Australia