New variants of the Zeusbot/SpyEye cybercrime toolkit are moving away from reliance on command-and-control (C&C) servers towards a peer-to-peer architecture. C&C servers are the Achilles heel of cybercrime networks, vulnerable to both takedown operations and monitoring by either law enforcement or police. Variants of Zeusbot/ …
"by either law enforcement or police"
In what way are Police not law enforcement?
@Irongut - They mention this
to differentiate between the police and the MPAA lackeys.
"Even a headshot to a zombie network may no longer kill off botnets" -- I'll break out the chainsaw
Criminals use to be ahead in new technologies adoption and deployment. And lusers will still do banking on Windows XP Jack Sparrow edition. With Norton AND Panda installed, of course.
Re: Nothing new.
>>And lusers will still do banking on Windows XP Jack Sparrow edition.
What makes you think it doesn't run on Windows Vista or 7?
As MS points out "... the Malware is primarily designed to work with UAC enabled, and without local exploits."
Re: Re: Nothing new.
Seen it. It does work on 7. Killed it promptly of course. Lucky for the notebook owner I was there to notice it before she got any ideas of online banking. Still, it is a persistent bugger. I'm surprised it hasn't popped up any other time for me.
Does the laptop owner or you know how she got it?
Re: @Bill Neal
"Does the laptop owner or you know how she got it?"
I got this recently as a .zip attachment supposedly from Fedex. The unzipped file was an .exe . Only unzipped it out of curiosity & in any case I'm using Linux. I don't know if it would autoexecute on unzipping in Windows.
Re: where'd she get it?
Not sure, but she is a prolific facebook user & facebook gamer. That would be my 1st guess at a vector.
Interresting way of dealing with source code theft
I mean they simply move on, and improve their product beyond what is already there making the old version simply outdated and leaving that market to the others.
(for all intents and purposes a noob here - security is only tangentially in my interests)
If you have P2P control, could the white hats not set up counter measures to issue instructions to cease & desist? Or some other kinda neutralization/sabotage/owner identification strategy?
I mean, if all of a sudden those trojan's peers can issue commands, then how do they know to trust those peers? I assume signatures and encryption are used to authenticate, but still, there must be some opportunity here, until the next improved version.
My thought's exactly, a simple, "remove bootloader" or del /Windows in x days. type arrangement,
That command would propagate through the botnet and at timebomb time, the whole thing implodes.
Then at least the infected end nodes won't be infecting anyone else soon, and the end users have to deal with the problem.
- Analysis Oh no, Joe: WinPhone users already griping over 8.1 mega-update
- Opportunity selfie: Martian winds have given the spunky ol' rover a spring cleaning
- OK, we get the message, Microsoft: Windows Defender splats 1000s of WinXP, Server 2k3 PCs
- Episode 4 BOFH: Oh DO tell us what you think. *CLICK*
- Spanish village called 'Kill the Jews' mulls rebranding exercise