The firm’s researchers fired up HoT’s Windows bot builder programme, using it to create a working binary for test purposes. Immediately, they started noticing inefficiencies in its design, such as the need to generate a new binary every time basic configuration changes were made.
Under Fedora 19, HoT was able to infect the machine but also caused the Firefox browser for Linux to crash and freeze, and it turned out to capture unnecessary amounts of data that would have complicated the task of stealing credentials.
Under Ubuntu 12.04, HoT failed to work at all thanks to this distribution’s ptrace scope protection. Even disabling this made little difference as the browser suffered similar crashes and the malware proved unable to capture anything.