Nice
Watch a bank-raiding ZeuS bot command post get owned in 60 seconds
Web thieves may get more than they bargained for if tech pros follow the lead of one researcher – who demonstrated how to hack the systems remote-controlling the infamous ZeuS crime bot in 60 seconds. The dangerous Trojan ZeuS infects Windows PCs to, among other things, silently siphon cash from victims' online bank accounts. …
-
Tuesday 6th May 2014 20:39 GMT Alan Brown
Re: Fantastic, now shut them down!
The bad guys calling the cops would be like Boy George complaining that someone stole his cocaine.
The issue is that some of the bad guys are very, very bad indeed, don't like having their toys taken away and don't play by the same sets of rules that 99.999% of the population use. The cops at the door would be preferable.
-
Tuesday 6th May 2014 21:18 GMT Daniel B.
Re: Fantastic, now shut them down!
I remember some security firm taking over a botnet but they argued that telling the botnet to "self-destruct" or uninstall could cause unintended consequences in the infested PCs so they didn't do it. I'm guessing that it had more to do with "I don't want to get in trouble with the law" than actual problems.
-
Wednesday 7th May 2014 05:42 GMT king of foo
Re: Fantastic, now shut them down!
Indeed. For me the real question is "why was this published?" Surely the most sane thing to do would have been to go straight to the fibbies or the 'cybercrime' divisions so they can act in secrecy/with impunity?
Or DID they and the geniuses did nothing so they figured "sod it, credit time"? If so then fair enough.
There's an argument that they could simply upgrade to v3.0 to counter this so perhaps the popo are indeed hacking the botnets for intelligence rather than to shut down?
-
Tuesday 6th May 2014 17:44 GMT Anonymous Coward
RC4? Really?
They're using a symmetric cypher and relying on obfuscation in the bot to keep the key a secret? What utter amateurs. I'll give you this one for free, malware writers. Generate a public/private keypair. Give the botnet the public key. Make sure your orders to it are signed by your private key, and ignored otherwise. You're welcome.
-
Wednesday 7th May 2014 06:06 GMT FutureShock999
Re: RC4? Really?
You may call them amateurs, but they are in a similar position to Skype, which at one point was ALSO revealed to be using RC4 to secure communications...and crackable.
There are times when using a symmetric cypher makes things easier. But more to the point, it is quite possible that the crew that released this code intentionally went public with a crackable RC4 implementation...and kept a better, more secure one, for their own use.
-
Wednesday 7th May 2014 10:26 GMT Tim Worstal
hmm.
The real use of this will be by other criminals. Bugger the idea of trying to infect computers with your version of Zeus. Why not take over all the botnets that already have control and then just siphon the cash away from the first set of criminals to yourself?
Might need to invest a bit in personal security at the same time, mind...