The malware listed by ESET and Avast called Napolar can perform distributed denial-of-service attacks, act as a reverse SOCKS5 proxy, steal POP3 and FTP login credentials from email and FTP clients, and steal information entered into Web forms that appear in Internet Explorer, Mozilla Firefox or Google Chrome. Reports of this malware are on the rise.
The criminals who created the malware named it Solarbot. They began marketing the malware to other cybercriminals this past May. Within the last few weeks attacks from Solarbot/Napolar increased to the point that antivirus software vendors are now reporting hundreds of attempted infections a day. In addition thousands of computers in South America have been violated by Solarbot/Napolar.
While Solarbot/Napolar are infecting computers globally, the most attacked regions are Colombia, Venezuela, Peru, Mexico, Argentina, Philippines, Vietnam and Poland.
The makers of Solarbot/Napolar market this malware in the same way any software product is marketed online. The website for Solarbot/Napolar displays a software product with a description, list of features, claims of active and continuing development, a manual for using Solarbot/Napolar and, most importantly, instructions for developing your own custom plug-ins. All for a cost of a meager $200.
The out of the box features listed above are quite impressive, but the real value is being able to extend those features and functions through custom developed plugins. To add real value to your purchase the developer even offers an SDK with sample code. Some of the sample code is for plug-ins to steal Bitcoin wallets as well as collect computer information.
Solarbot/Napolar performs the same functionality as Trojans like Zeus or SpyEye, but it is a bot. The popularity of Solarbot/Napolas will grow. Due to its ease of use, extendibility, active development and professional marketing its use is expected exceed that of other malware.
This represents a change from the previous shadow sales of such malware to a straight up professional business approach to marketing the tools of cybercrime. And this professional business approach is a threat which far exceeds all previous cybercriminal activities.