BlackEnergy 2 Revealed, presented at AusCERT 2010

by Joe Stewart

Summary: BlackEnergy is a popular DDoS trojan written by "Cr4sh", a member of the Russian hacking group "Hell Knights". Recently, the presenter of this talk identified a major new version of the trojan in the wild, in extremely limited circulation. This rewrite expands BlackEnergy's capabilities from a simple DDoS trojan to a stealthy modular platform for DDoS, spam and banking fraud.
This talk is an in-depth look at the low-level functionality of the BlackEnergy 2 trojan. After listening to this talk, attendees should be able to:
Contrast BlackEnergy versions 1 and 2
Detail the encryption and compression algorithms used in version 2
Understand the rootkit/process-injection method used in version 2
Enumerate the core functions of the main BlackEnergy 2 module
Understand the basics of the BlackEnergy 2 plugin API
Describe the functionality of all known BlackEnergy 2 plugins