Here is an older version.  ALL the credit for this goes to the awesome guys at who seem to have no reservation about showing to the world the innovations and backends of these infrastructures of evil.

All of their reports can be found on their section on their website.

I will attempt to add my own spin to the research and look for new angles. Much of this will be reference material for building on further research. Additionally, the goal will be to capture as much code as possible and host it here, Offensive Computing style, to further research and awareness.

This pack is called Multi Exploits Pack Version 3.1.

NOTE: Early on, in order to avoid analysis, sophisticated IP access monitoring is being done to ensure that clients cannot connect to these sites multiple times. Sounds like a good opportunity to identify any configuration settings that allow unfettered access to IPs for administration. If they are stupid enough to put something like that in there, it's a good way to conduct attribution.


Here is the annoying thing.

Note the original posting in a forum to sell this puppy. Malware authors need to be contacted somehow to sell their stuff. NOTICE THE ICQ ID, which for some reason was blurred in the Finjan report.




As you can see here, there is a targetable identifier: the ICQ number. THANKS FINJAN for blurring it. This information is useful to the community. Maybe even possible mob effects can take over for a little bit of Internet justice.

This is a perfect target to identify the actors and attribute them. Law enforcement should be beating down the ICQ operators' doors to get a real-world identity on these people, and force them to roll on their clients, or better yet pay them to SNITCH or set up a STING.

Or just publish in underground channels that the individual is now working for law enforcement. Next thing you know, this devious little reputation-poisoning attack leads to a dead Russian programmer who turns up in an alley.

Eventually we will need to raise the cost to these guys for doing the things they do. Currently there is almost no risk to their operations. We need to change that. How? By changing tactics... and being ruthless.
