Elite Loader Goes Public

From Trend Micro Countermeasure blog:

A few days ago, I got access to the source code of the well-known Elite Loader for free. Yes. It was published on one of the Russian underground forums. It even had a detailed description and screenshots showing how to use the application’s command and control (C&C) server.

Apart from dropping malicious files on infected machines, Elite Loader also allows malicious users to upload additional software to targeted systems to steal passwords or deploy spam or distributed denial of service (DDoS) modules that other cybercriminals can use.

The bot’s C&C also contains significant statistics and makes use of a log-filtering feature to manage module downloads from the bots in different countries. It can also enable or disable target bots based on their location.

The bot’s size is only 8kb, making the dropping process relatively hidden. The bot works perfectly well on the Microsoft XP Service Packs 1, 2, and 3 and Vista OSs and supports multiple job instances.

The malware distribution business seems to have gone public.

http://blog.trendmicro.com/elite-loader-goes-public/

Published Tue, Nov 3 2009 9:58 by donna
