AnonWare - Anonymous developer creates Malware framework

Anonymous developers creating Malware framework. (Image: Anonymous)

Code posted to Pastebin.com over the weekend outlines a framework developed by someone within Anonymous, aimed at creating customized malicious software. Pitched as open source Malware, AnonWare is said to be always changing, improving, and evading.

The code, written in C#, is only a framework for Malware development. Passive examination shows that it is not malicious on its own. However, the comments left inside the framework’s code clearly demonstrate how to achieve that result with the basic skeleton provided.

“…welcome to a new age of malware…one where AV software can't pick out the latest tweaks of malware…one where the malware is open source and always changing, improving, evading…one where AnonWare is only the beginning…you can stop AnonWare...but you can't stop what's to come…Expect Us. Expect the Future…,” a note left with the code says.

In response to emailed questions, AnonDev, the coder behind AnonWare, offered a little more information.

AnonWare was created “...to provide a simple, basic piece of malware that beginning or intermediate virus writers could use to simplify the process. No need to reinvent the wheel,” the email explained.

“Ultimately, I would love for it to become the de-facto standard for open source viruses…really hoping that people start sending in code improvements so that AnonWare can begin to reach this goal.”

“Actually, I coded it in a couple days…extremely surprised that it got 118 views so far [on Pastebin]; was expecting like 2 views per hour…hope [people] spread it on social networks, IRC and the like so we get more usage, testing, and improvements.”

AnonWare can be configured for use on Windows XP, Windows Vista, or Windows 7. In addition, the framework uses runtime compilation instead of downloading executables. This will allow the code to bypass some of the application signing requirements imposed by Microsoft.

It’s unknown if this framework will gain any momentum within Anonymous. While methods such as Web exploitation and DDoS are commonly used by the loosely associated group, Malware development and distribution are not.

However, Ryan Cleary, an ex-supporter of Anonymous, was arrested and charged with controlling and allowing others to access a botnet earlier this summer. Botnets only exist because of custom Malware such as this.

We’ve asked a few security vendors to look at the source and share their thoughts. Once we hear back from them, we will update this article. [Updates below]

In related news, Anonymous is developing a new DDoS tool. So far, what they have is something that is platform neutral, leveraging JavaScript and vulnerabilities within SQL to create a devastating impact on the targeted website.

The new tool, called #RefRef, is set to be released in September, according to an Anon promoting it on IRC over the weekend. Developed with JavaScript, the tool is said to use the target site’s own processing power against itself.

Update:

"I've looked at the code, it's really unimpressive. It's essentially an ad-hoc C# compiler, that pulls source code from a user specified domain," explained a threat researcher at Sophos.

"The comments on the code are quite surprising, it seems to indicate either a distinct lack of knowledge, laziness or amateurism. In essence, this framework, as it is, will download and compile source code from a user-specified domain [and] the created file is named assemble.exe (this is hardcoded at the moment, but will eventually be pseudo-random, based on the code + comments). It's all quite primitive at the moment and doesn't offer any kind of encryption or obfuscation. I'm just writing detection for the compiled exe at the moment, but we'll be sure to keep an eye on it."

--

"I think by far the most interesting parts of this code snippet are the comments made by the author. The author doesn't seem to be aware of the fact that malware has been evolving and morphing on a regular basis for years now," said Pierre-Marc Bureau, the senior researcher at ESET.

"A good example is the blog post we have just published. There is a new version of Win32/PSW.OnlineGames.OUM released every day, for the purpose of evading antivirus detection. There have been malware frameworks being used by malicious actors for many years too. The Butterfly kit (detected by ESET as Win32/Peerfrag), SpyEye and Zeus are only examples of such frameworks. As for the functionalities of the code, I could not find anything that would teach malware authors any trick they didn't already know."
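
A defender's view of the behaviour the Sophos researcher describes above, as an added example that is not from the article or from AnonWare: it triages process-creation events for a C# compiler started by an unexpected parent and for the hardcoded assemble.exe name. The event fields, the parent allowlist and the sample events are constructed assumptions, as is the premise that the runtime compilation shows up as a csc.exe child process.

```python
import ntpath

# Assumption: build tools expected to launch the C# compiler on this fleet.
EXPECTED_COMPILER_PARENTS = {"msbuild.exe", "devenv.exe"}
# Assumption: runtime compilation surfaces as a csc.exe child process.
COMPILER = "csc.exe"
# Output name the Sophos researcher reports as hardcoded in the framework.
HARDCODED_OUTPUT = "assemble.exe"


def basename(path):
    """Lower-cased file name of a Windows path (ntpath works on any OS)."""
    return ntpath.basename(path or "").lower()


def classify(event):
    """Return the reasons a process-creation event is worth an analyst's look."""
    reasons = []
    image = basename(event.get("Image"))
    parent = basename(event.get("ParentImage"))
    if image == COMPILER and parent not in EXPECTED_COMPILER_PARENTS:
        reasons.append("compiler-unexpected-parent")
    if HARDCODED_OUTPUT in (image, parent):
        reasons.append("hardcoded-output-name")
    return reasons


def triage(events):
    """Map event index -> reasons, keeping only events with at least one hit."""
    hits = {}
    for index, event in enumerate(events):
        reasons = classify(event)
        if reasons:
            hits[index] = reasons
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Program Files\MSBuild\MSBuild.exe"},
    {"Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\assemble.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\updater.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["Image"], why)
```

The file-name rule only holds while the name stays hardcoded, as the researcher notes it is expected to change; the parent-process rule does not depend on it.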
