Ferret DDoS botnet v2.2 – inside the C&C panel


Hi all

Today story about Ferret DDoS bot. :)


For those who missed it – I started to hunt Ferret at about a month ago:


And about a week ago a research of Arbor Networks posted with quite nice analysis. Read it HERE.

It’s the end? :( Nope.

Because today we’ll talk about Ferret Tester v2.2 :)



Here some Commands, quite similar to Arbor’s post list.



List of bots :)


Installation instructions in Russian.



It’s kind of a private bot I’ve seen for a while already here and there.

And here some conclusions, based on my findings so far:

1. I hope You already noticed, that panel name – “Ferret Tester”. It highly possible that this sample provided to potential buyer to have a look on basic version, before purchase of full toolkit. It will explain some things both within code and installation placement I saw.

2. This product made by Russian-speaker[s?] at least. Comments in code and manual vote for it.

3. And now the most wild assumption of mine: I think, that this toolkit was developed by Female :)

Why? Well, If You read Russian, have a look on comment in code:



I cannot translate it to any other language without corrupting the message mojo. :) So please ask Your Russian-speaking Friend to read it and verify it is very “Female sentence”.



Well, that’s it. friends :)

Please stay safe.



  1. This phrase is “Place for future manuals” =)

    dukeBarman, 11/01/2014
  2. Well, it’s not WHAT, but HOW :)

    Denis, 16/01/2014

Leave a comment