A few days ago, security researchers from McAfee came across the source code of a botnet on Pastebin, the popular paste site. After analyzing the code, experts have found a couple of interesting features that are worth mentioning.
While the installation process and the way it communicates with its command and control server are fairly standard for a bot, the anti-analysis features make it stand out from the crowd.
To ensure that their botnet can’t be investigated by security solutions providers, the creators of the malicious element included a couple of mechanisms that detect the presence of a sandbox environment or a network monitoring tool, such as Wireshark, SysAnlyzed, or OllyDbg.
In case the aforementioned pieces of software are detected, the bot terminates its process. This way the botnet operators can make sure that researchers can’t come up with countermeasures.
Fortunately, the source code
offers great insight on a botnet’s inner workings.