Ferret DDoS botnet v2.2 – inside the C&C panel

2013.12.23

Hi all

Today story about Ferret DDoS bot. :)

logo

For those who missed it – I started to hunt Ferret at about a month ago:

http://twitter.com/it4sec/status/407021953611210752

And about a week ago a research of Arbor Networks posted with quite nice analysis. Read it HERE.

It’s the end? :( Nope.

Because today we’ll talk about Ferret Tester v2.2 :)

logo

 

Here some Commands, quite similar to Arbor’s post list.

f3

 

List of bots :)

f2a

Installation instructions in Russian.

f4

 

It’s kind of a private bot I’ve seen for a while already here and there.

And here some conclusions, based on my findings so far:

1. I hope You already noticed, that panel name – “Ferret Tester”. It highly possible that this sample provided to potential buyer to have a look on basic version, before purchase of full toolkit. It will explain some things both within code and installation placement I saw.

2. This product made by Russian-speaker[s?] at least. Comments in code and manual vote for it.

3. And now the most wild assumption of mine: I think, that this toolkit was developed by Female :)

Why? Well, If You read Russian, have a look on comment in code:

f5

 

I cannot translate it to any other language without corrupting the message mojo. :) So please ask Your Russian-speaking Friend to read it and verify it is very “Female sentence”.

 

 

Well, that’s it. friends :)

Please stay safe.

D.L.

2 comments

  1. This phrase is “Place for future manuals” =)

    dukeBarman, 11/01/2014
  2. Well, it’s not WHAT, but HOW :)

    Denis, 16/01/2014

Leave a comment