Well, well, well, seems like this has got some attention from various people on the internet. Interesting to see who my readers are and how fast information can be passed. Anyway, it’s time for part 2. One interesting thing to note for this ring3 rootkit is that if we change the title from msconfig to anything that isn’t msconfig, we can still view the entry smss.exe with the value “Windows”.
So I recently got contacted by someone who said they had KrakenHTTP and wondered if I wanted it. I have been waiting for a while to get my hands on this, not because it looked amazing. Simply, there was so much shouting on forums about how wonderful it was that I wanted to disprove that it was that great.
The first big letdown is that it’s ionCube encoded. I don’t know why some malware developers think it’s appropriate to obfuscate their source. When I say it’s inappropriate, I’m not saying this as a researcher but looking at it from a client’s viewpoint. You buy yourself a server and decide to start a botnet, you look around forums at various botnets and find “KrakenHTTP”. You purchase this botnet to find out the panel files are encoded with ionCube (a popular PHP encoder). I am now suspicious about what sort of code is within the panel code and wonder if there is a possibility of a backdoor or bot-stealing code. There’s a reason why big names keep things open source, kids.
As a UK resident and at the age of 18, I have been in the education system for the majority of my life. I think it’s fair for me to comment on the education system within the UK, specifically within the I.T sector. I feel like I have an insight into the education system within the UK and can comment about my experiences and what I think are faults within it.
As most people my age will know, when you were in secondary school (high school for you US people) you were taught no programming whatsoever. At the age of 16 I had learned HTML and CSS myself and was moving towards PHP and other things. This mistake has been rectified, but way too late in my opinion. I know a large portion of my friends have no clue about programming at all; the worrying fact is that this is also present within universities in the UK. I don’t have the biggest of experiences when it comes to I.T in secondary school because I chose not to take it as one of my options. I chose to do this because I was already aware of the content within the lessons and that colleges actually didn’t need you to have it as a GCSE (final grades for international peeps) to join. We were taught spreadsheets from a very early age, which in my opinion is more business than I.T, which I’ll come back to later. We were designing websites, but not through coding, just using simplistic drag-and-drop programs to create a basic website, not exactly I.T in my view.