DiamondFox

DiamondFox is a botnet Trojan that's capable of launching a broad array of attacks against the infected PC, including several ways of collecting information. Despite its possessing various coding vulnerabilities of value to malware researchers, a DiamondFox client is a high-level threat to your security and privacy that you should remove immediately. Since most botnet clients display no outward symptoms to their victims, use your anti-malware products for verifying the presence of this Trojan or deleting DiamondFox's files.

A Predator not Quite as Hard as Diamond

The Trojan 'botnet' that consists of high numbers of infected PCs being data-mined or otherwise exploited via a con artist's Command & Control server is a popular image in the media. However, a Trojan's being widespread, flexible, or highly visible branding doesn't correlate to professional-quality coding necessarily. Some threats can be threatening even while working with severely flawed features, which the DiamondFox botnet Trojan exemplifies.

For a Trojan of its kind, DiamondFox is broadly unfocused exceptionally, with a payload that's configurable for launching campaigns using a variety of attacks against different types of systems. Malware researchers can outline the following as especially predominant risks from DiamondFox attacks:

• DiamondFox may collect credit card and debit card information from a business's Point-of-Sale devices that are responsible for processing customer transactions, by a process known as RAM scraping (scanning the system's memory for unencrypted data).
• This threat also targets the computer users' account information, such as any passwords their local browser settings save.
• Along with these targeted attacks, DiamondFox also includes a comparatively general keylogging function. Keyloggers can record all keyboard input to a text file that they then send to a con artist's Web server.
• Another attack not necessarily targeting the user is DiamondFox's Distributed-Denial-of-Service or DDoS function. The feature may use up significant resources on the infected machine to generate artificial traffic and crash a third-party server.

Despite having many features and even including some protections against a researcher analysis, DiamondFox also shows many amateurish or rushed coding practices. DiamondFox fails to encrypt most of its configuration and C&C communication information, uses unusually open server settings, and includes oversights on how it classifies its collected data. Together, these issues make it simple for malware researchers and others within the PC security sector to track DiamondFox's campaign as it evolves.

Mining Your Way Through the Diamond Trojan Embedded in Your System

One could liken the philosophy of DiamondFox's developers to the creators of a digital blunderbuss: what DiamondFox lacks in precision, design elegance, or efficiency it attempts to compensate for through the broad surface area of its attacks. While it's not as streamlined or secure as, for example, threatening software produced by a government-sponsored dev team, DiamondFox does endanger most of the information stored on an infected system, whether you use that machine for business or personal activities. Malware researchers also can verify some versions of DiamondFox spreading through USB devices, which makes it portable to systems not directly connected to a network.

Different operators renting or purchasing DiamondFox may distribute this threat in a variety of ways. Using general anti-malware security strategies and software should block most infection vectors, and delete DiamondFox in the case of an unexpected security gap (such as a brute force password cracking attack).

Despite its many problems as a network-based program, DiamondFox is no less threatening to the safety of the average PC. Readers should remember that even a crippled fox, much like an unencrypted Trojan, remains capable of biting.

Technical Details