osx.raedbot.rar_At Risk_OSX.Raedb_linux trojan_realbasic_xraed

Author : Ag_Raed Location : Tunisia ??? ???? ??????? ?????? Bism ellah al ra7men al ra7im This is OSX.Raedbot a.k.a OSX.Tored-Fam the very first mac os X botnet the very first mac os X email-worm , a Proof-Of-Concept malware written in RealBasic specialy for mac os which i have coded one year ago and decided to share the source code after its high media-attention The purpose of c0ding this malware is to present a novel approach to mac os X malwares however this malware contains a feature never seen before in the malware history it is able to run accross multiple platforms Windows , Linux and Mac OS x and this represents a Cross-Platform innovation . *** The worm's features are : - Copy itself with random name to : System folder Shared folders StartUp folder Preferences folder - Rootkit functionnality : hiding and locking itself - Using its own SMTP engine to Mass-Mail its self to all emails located on the local address book ( bug in Tored.A fiXed ) - Propagates through network shares and removable drives - Propagates throught iChat ( The AppleScriptMBS should been included to the project ) - Try to erase and to terminate all files or proccess which its names contain " Anti " , " Virus " or " Malware " character via Spotlight desktop-search - Connect back to a server to act as a bot _____________________________________ *** The Bot's features are : _ Download and eXecute additionnal files from a remote HTTP server _ Update itself _ Uses the computer's speech synthesizer to pronounce a specifie text string remotely _ Start/Stop keylogging remotely ( Online keylogger to steal sensitive informations ) _ Open a specifie URL with default web browser remotely _ Scan harddrives to list all files and directory remotely _ Perform DDos attacks _ Provides a remote desktop functionality _ Perform spamming over mails and ability to configure the mails options ( subjects , messages .. ) remotely _ Perform IM spamming over iChat and ability to configure the IM messages remotely ( Via AppleScript ) _ eXecute remote shell commands remotely _ eXecute a file remotely _ eXecute an AppleScript c0de remotely _ Search a specifie file remotely via Spotlight desktop-search _ Listen to a specifie port _ Establish new connections _ Redirect the botnet to another server _______________________________________ To be sure this malware never spreaded as media and AVers pretend , this was only a deal between me and my self to c0de an advanced mac os X malware and i have realy too many more important project to accomplish , n0thing more !!! so you take your responsiblity if you spread it , this is only for EDUCATIONAL purposes DONT FUCK ! - s0rry for the bad english - *** Great ThanX to : ( ' * ' describe the friendly relation and the size of greets ) Metalkid ( ******** ) Synge ( ****** ) HichemTahri ( *** ) zer0p ( *** ) fAMINE ( *** ) Noteworthy ( ** ) Squezer ( ** ) Sky0ut ( ** ) GenetiX ( ** ) DrWhax ( ** ) Cyneox ( * ) Benny ( * ) izee ( * ) WarGame ( * ) Retr0 a.k.a wahankh (* ) Urgo32 ( * ) Dr3f a.k.a onrop ( * ) VxF ( * ) to all people on #virus #vxcode @ Undernet N to all the other VXers N AVers who have supported the project . __________________________________________ *** Detection names and virus descriptions -- http://www.f-secure.com/v-descs/worm_osx_tored_a.shtml Worm:OSX/Tored.A ( F-Secure ) -- http://www.symantec.com/security_response/writeup.jsp?docid=2009-050514-1952-99 OSX.Tored@mm ( Symantec ) -- http://threatinfo.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=OSX_TORED.D OSX_TORED.D ( Trend Micro ) -- OSX.Worm.Tored.A ( iAntivirus ) -- OSX/Tored.worm ( McAfee ) -- Email-Worm.OSX.Tored.a ( Kaspersky ) -- http://www.sophos.com/security/analyses/viruses-and-spyware/osxtoredfam.html OSX/Tored-Fam (Sophos) -- OSX/Tored ( CA ) -- Backdoor:MacOS/Tored.A ( Microsoft ) -- http://www.precisesecurity.com/threats/virus/osxraedbot/ OSX.Raedbot ( PreciseSecurity ) *** Articles about A Cross-Platform innovation - http://www.scmagazineus.com/mac-worm-poses-little-risk-represents-cross-platform-innovation/article/136219/ About Tored-Fam - http://www.spamfighter.com/News-12581-Sophos-Discovers-Two-New-Malware-for-Mac-Computers.htm - http://www.hkactivity.com/how-to-remove-tored-fam-mac-osx/ *** Contact X-Ag_Raed-X( at )hotmail( dot )fr