Beta Bot 1.8.0.11 | Panel + Builder
INFORMATION
Version: 1.8.0.11
Bot Updates:
- BTC Miner proactive defense mode added. You can now set a new proactive option that only blocks BTC miners. In addition, the BTC miner detection for the botkiller/pro. defense is now more accurate (#1)
- Bot now reports whether or not a Samsung/Apple phone/device (Galaxy, iPhone, iPad, etc.) was ever connected to the PC.
- Formgrabber/DNS hooks now more compatible if existing software is hooking relevant functions. Bot will hook the callback of an already installed hook, if necessary
- Formgrabber can now handle filters by content. Instead of specifying URLs to grab from, you can alternatively have the bot search for specific content of a POST request and upload if found (eg: *&password=*)
- POP3 grabber now can intercept logins over SSL-protected connections around 40%+ of the time. Outlook mail client x86 supported. (#2)
- Live login grabber (pop3/ftp) now uploads the domain the captured login was associated with instead of the IP address of the server. If the domain is unable to be determined, the IP will be sent instead. (#2)
- "Ignore child processes of bot process" option added to botkiller
- HIPS bypass updated for:
* Norton AV/IS (HIPS)
* ESET products (HIPS)
* Microsoft Security Essentials - Fixed HIPS issues
* McAfee AV killer fixed. Several other McAfee products are now detected and disabled
* Malwarebytes Pro
- Download task / DLL load option is now fixed. Additional options added to run a CPL file, and an option to use Rundll32.exe instead of zombifying a trusted process for the downloaded DLL
- Extra UAC bypass method implemented. It's not undiscovered, but it's relatively unused and viable for Windows 7+. Only used when bot is injected into Windows processes.
- Disables core components of older Betabot versions (such as persistence, botkill (sometimes) and hook restoration). This functionality can be turned on/off.
Panel Updates:
- You can now view what bots completed a specific task, and also specific error/success information (if available) (#3)
- "Quick info" expandable area added for each bot entry on the main page. You can now see slightly more info on each bot by expanding it
- Added more statistics and some graphs regarding dead bots to the statistics page
- Individual grabbed login entries can now be deleted
- Added more task filter options:
* Apply task only if bot is currently marked as dirty
* Do not apply task to any bots marked as a favorite
* Apply task only on bots older than 24 hours
* Apply task only on bots older than 6 hours
- Added 'gate filters' to security settings. You can now block bot communications by country
- Updated geoip CSV included in panel files
- Changed look of parts of the panel
- Added more log options for event monitor
- Added a few options to panel settings to help optimize / speed up page loading
- Added a new range of options in panel settings for changing minor aspects of bot functionality
- gate_err.txt gate debug output (logs request failures) can now be toggled on/off
- "View bot information" page added. In addition to all the other extended information (including some new attributes), you can configure the bot to upload the system process list, autostart entries from most commonly used autostart registry locations and the installed software list. These additions will give you a much greater ability to gauge the usefulness of individual machines. As time goes on, more information can be collected and uploaded if useful enough
- Panel alerts/notices feature has more options. Users can create notices in the red alert color and also create notices that are displayed on the tasks / statistics page for greater exposure. Up to 3 notices are now displayed so responses can be viewed, and the user will be notified if more than 3 notices exist.
Fixes/Tweaks:
- Update functionality now slightly more reliable
- Improved panel main bot list load time
- Formgrab filters page now enforces filter limit. Although the bot has always refused to load a list of filters greater than 1024, now the panel actually prevents that many from ever being added
- Fixed alignment issues on statistics page with large bot counts, as well as issue with current group display name
- Bots marked as 'deleted' are now cleared when 'Delete dead bots' is clicked in panel settings
- Minor changes to page numbering and the number of grabbed forms/logins displayed at one time
- Misc tweaks made to AV killer
- Bot now properly recognizes Windows 8.1 (as W8 on panel). Previously forgot to do this
- Data for UDP DDoS is now more randomized
- C2 server requests optimized to consume slightly less bandwidth when bot registers with server on reboot
- Fixed bug in formgrabber where URL filters were case-sensitive, resulting in some missed form captures if actual URL was a different case than the filter
- Fixed a few bugs in botkiller and made some additional enhancements
- Fixed injection issue related to low integrity processes (such as IE9+) that was causing seemingly random crashes from time to time
- Fixed issue with memory cache support on panel where two different panels served by the same web daemon would use the same memory cache variable, thus producing very crazy results
- Fixed encoding issue with database queries causing some characters to show up oddly
- Fixed a bug with the login grabber sometimes (albeit rarely) mismatching credentials from different sessions
- Fixed installation issue regarding improper DACL usage
- Fixed issue where two updates at the same time could cause bot to corrupt installation and not come back
- Fixed some improper uses of signed int by panel on 32-bit servers
- Fixed bug causing IP filters for tasks to not work
- Fixed issue where log options could be unset even if user account has no privileges to view/configure logs
- Significantly improved load time of grabbed forms/logins page
- Made changes to reduce "duplicate bot" entries
- Botkiller now disables unsigned BHOs for IE if option is selected. Previously was broken
- Fixed crash issue on Windows 8 x64