Home » New Releases » A new bot unveiled: Solarbot


According to ESET report- “Solarbot emerged as a new botnet,making news over and over again.”

ESET analysts’ further add, – “Solarbot is capable of:
• Rejection of Service (DOS) attacks
• Behave as a SOCKS proxy server
• Thieving data files and records from web forms”

Solar bot gives instructions to the user and makes him to get into intersegment between 32 and 64-bit shell code. Even though the modus operandi of executing 64-bit code within a 32-Bit process is not new, it has not been seeing that it is misused by the malware.
Bot executes the operation within Thread Local Storage or TLS call back functions by extricating code that is encrypted with RC4. It looks for the PUSH EBP set of instruction, to trace the site ((0X55) of decrypted code.

Solarbot or Napolar is a conformist botnet has been around for long. It is frequently used for scattering other malware. This malware often comes with built-in Ddos and proxy modules. The current version of Solarbot attempts to add Tor network support to conceal its C&C server. Conversely, it seems that this attribute is either still undergoing development or has been disabled.
Solar bot builder.exe injects its own files and registry entries into system as soon as it is installed. Start-up items will be changed as well so that it can be activated automatically when you boot up your computer.

In adding up, the bots’ creator had been widely advertising the malware on the web, before the site was taken down just recently.
We’ll continue to keep you updated with any unique findings on the Solarbot malware.As a closing note, users of defencebyte anti-Malware are protected from known Solarbot variants, detected as Malware.Packer.SB.

defencebyte brings you a range of awesome applications or software that allows you target specific issues associated with PC. defencebyte products allow you enjoy fast PC performance without eating up too much disk space. Take a look. We are very sure; you will find the answer to your question.