
ZeuS Trojan embraces P2P – becomes even more sneaky and sticky

New variants of the Zeusbot/SpyEye cybercrime toolkit are moving away from reliance on command-and-control (C&C) servers towards a peer-to-peer architecture. C&C servers are the Achilles heel of cybercrime networks, vulnerable to both takedown operations and monitoring by either law enforcement or police. Variants of Zeusbot/ …

COMMENTS

This topic is closed for new posts.

"by either law enforcement or police"

In what way are Police not law enforcement?

Anonymous Coward

@Irongut - They mention this

to differentiate between the police and the MPAA lackeys.


"Even a headshot to a zombie network may no longer kill off botnets" -- I'll break out the chainsaw


Nothing new.

Criminals used to be ahead in new technology adoption and deployment. And lusers will still do banking on Windows XP Jack Sparrow edition. With Norton AND Panda installed, of course.


Re: Nothing new.

>>And lusers will still do banking on Windows XP Jack Sparrow edition.

What makes you think it doesn't run on Windows Vista or 7?

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fZbot

As MS points out "... the Malware is primarily designed to work with UAC enabled, and without local exploits."


Re: Re: Nothing new.

Seen it. It does work on 7. Killed it promptly of course. Lucky for the notebook owner I was there to notice it before she got any ideas of online banking. Still, it is a persistent bugger. I'm surprised it hasn't popped up any other time for me.


@Bill Neal

Does the laptop owner or you know how she got it?


Re: @Bill Neal

"Does the laptop owner or you know how she got it?"

I got this recently as a .zip attachment supposedly from Fedex. The unzipped file was an .exe. Only unzipped it out of curiosity & in any case I'm using Linux. I don't know if it would autoexecute on unzipping in Windows.


Re: where'd she get it?

Not sure, but she is a prolific facebook user & facebook gamer. That would be my 1st guess at a vector.


Interesting way of dealing with source code theft

I mean they simply move on and improve their product beyond what is already there, making the old version simply outdated and leaving that market to the others.


Wondering...

(for all intents and purposes a noob here - security is only tangentially in my interests)

If you have P2P control, could the white hats not set up countermeasures to issue instructions to cease & desist? Or some other kinda neutralization/sabotage/owner identification strategy?

I mean, if all of a sudden those trojans' peers can issue commands, then how do they know to trust those peers? I assume signatures and encryption are used to authenticate, but still, there must be some opportunity here, until the next improved version.


Re: Wondering...

My thoughts exactly: a simple "remove bootloader" or "del /Windows in x days" type arrangement.

That command would propagate through the botnet and at timebomb time, the whole thing implodes.

Then at least the infected end nodes won't be infecting anyone else soon, and the end users have to deal with the problem.
