GoolBot – if loving you is wrong, I don't want to be right
by Bananas on Feb.04, 2010, under Malware Research
GoolBot is another Bredolab-like malware. The name comes from its binary, which contains the string “Google Bot” and uses it to fill the “User-Agent” header in the initial communication request. Surprisingly, it’s quite straightforward: no fancy encryption, just plain-text HTTP. That’s why I love it.
Server response on 30th Jan.
Server response on 3rd Feb.
You may notice that the list changed. Yes, that is the most important characteristic of GoolBot. It will download a massive amount of malware onto your computer and turn it into a multi-function bot. Usually, it will download a FakeAV downloader, Pushdo/Cutwail, Zbot, etc. As a simple solution, you could just block the domain name: klitar.cn.
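The two indicators in this post, the “Google Bot” User-Agent string and the klitar.cn domain, can be turned into a proxy-log check. The following is an added example, not part of the original post; the log layout, the sample lines and the matching rules (substring match on the User-Agent, suffix match on the host) are assumptions.

```python
import re

# Indicators from the post; the matching rules below are this example's assumptions.
C2_DOMAIN = "klitar.cn"
UA_MARKER = "google bot"  # with a space; Google's real crawler sends "Googlebot"

# Constructed proxy-log layout: timestamp client method url "user-agent"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) '
    r'http://(?P<host>[^/\s:]+)(?::\d+)?(?P<path>/\S*)? "(?P<ua>[^"]*)"$'
)

def host_matches(host, domain=C2_DOMAIN):
    """True for the domain itself or any subdomain, but not look-alike suffixes."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def classify(line):
    """Return (client, reasons) for a suspicious line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # unparsable lines are skipped, not flagged
    reasons = set()
    if host_matches(m["host"]):
        reasons.add("domain")
    if UA_MARKER in m["ua"].lower():
        reasons.add("user-agent")
    return (m["client"], reasons) if reasons else None

def scan(lines):
    """Map each internal client to the set of indicators it tripped."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result:
            hits.setdefault(result[0], set()).update(result[1])
    return hits

# Constructed sample lines (hosts other than klitar.cn and all paths are made up).
SAMPLE_LOG = [
    '2010-02-03T10:00:01 10.0.0.5 GET http://klitar.cn/ "Google Bot"',
    '2010-02-03T10:00:07 10.0.0.9 GET http://www.example.com/ '
    '"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"',
    '2010-02-03T10:01:12 10.0.0.7 GET http://example.net/a "Google Bot"',
    '2010-02-03T10:02:30 10.0.0.8 GET http://notklitar.cn/ "Mozilla/4.0"',
    '2010-02-03T10:03:00 10.0.0.6 GET http://cdn.klitar.cn/x "Mozilla/4.0"',
]

if __name__ == "__main__":
    for client, reasons in sorted(scan(SAMPLE_LOG).items()):
        print(client, sorted(reasons))
```

The User-Agent check still flags a client if the malware contacts a different domain, which the domain block alone would miss.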

