The botnet infection has several methods of infection, including USB devices, Microsoft’s MSN service, Yahoo’s Messenger instant messaging service, and as a torrent file. Once a system has been infected, the botnet downloads and install itself on to the computer. It updates itself with the latest instructions from a remote command and control server and scans the host computer to detect what applications are installed. It also randomly removes arbitrary programs, Nazario said.
The bot can detect if tools such as Commview, TCPView and Wireshark are installed on the system. These tools allow the user to examine and analyze packets and network traffic. Skunkx also detect virtualization platforms such as QEMU for Linux, VMWare for Windows and VirtualPC for the MacOS X. It can also steal login credentials that Mozilla applications store in a SQLite database, according to Nazario.
Remarkably, the bot examines the infected system for other botnets and either disables or takes them over. Is it surprising that the hosts may unknowingly host and share multiple botnets with their MSN and Yahoo friends?