Today I’ve got something special for you. It is the front-end of a botnet for spam, i.e. thousands of computers sending out mail indiscriminately.

 

Everything started when I was investigating neosploit (I’ll talk about that another day) and I came across an executable that looked a bit suspicious.

After taking it apart/infecting myself I reached a server with a series of dubious scripts, so I decided to dig around a bit more and I came across ZUNKER!

 

The first surprise is the fact that it’s really neatly designed. It’s not hard to imagine what this server does when you take a look at the home page:

 

 

Anyway, you can see that bots are organized by country, and you can see how many bots you have, reports from each one, how much spam has been sent, and what software has been used by the bots to send the spam (gmail, IM, forums, etc.):

 

In the statistics section you can also see the number of bots, reports, and daily/monthly spam statistics… not bad, eh?

 

 

So now you’ll ask how to tell the bots what to spam… it’s easy. Just go to the CONTROL menu and there’s a Templates section to define the mail/post that you want each bot to send. You can define the nature of the spam: a text for forums, another for IM, another for webmail, etc.

Once the text is defined, the bots will send/post it:

 

 

Another interesting option of ZUNKER is that you can download Trojans, viruses… whatever you like, to the bots. You can download an executable directly to all bots, or specify IPs, countries, etc…:

 

 

In this case, you can see that most of the bots are in Germany, although no doubt shortly there will be many more ‘clients’.

With a bit more investigation, I found out how the server gets new recruits: a framework like MPACK, NEOSPLOIT, etc. is used. An unsuspecting user visits a website where an exe is downloaded and run using an exploit, because the system is not adequately updated. Poor user, now he’s just another… ZOMBIE… and you?