New variants of the Zeusbot/SpyEye cybercrime toolkit are moving away from reliance on command-and-control (C&C) servers towards a peer-to-peer architecture. C&C servers are the Achilles heel of cybercrime networks, vulnerable to both takedown operations and monitoring by either law enforcement or police. Variants of Zeusbot/ …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Monday 27th February 2012 16:09 GMT Irongut

"by either law enforcement or police"

In what way are Police not law enforcement?

0 0
1. Monday 27th February 2012 16:35 GMT Anonymous Coward
  
  @Irongut - They mention this
  
  to differentiate between the police and the MPAA lackeys.
  
  0 0
Monday 27th February 2012 16:36 GMT Miek

"Even a headshot to a zombie network may no longer kill off botnets" -- I'll break out the chainsaw

0 0
Monday 27th February 2012 16:37 GMT fridelain

Nothing new.

Criminals use to be ahead in new technologies adoption and deployment. And lusers will still do banking on Windows XP Jack Sparrow edition. With Norton AND Panda installed, of course.

1 2
1. Monday 27th February 2012 17:13 GMT eulampios
  
  Re: Nothing new.
  
  >>And lusers will still do banking on Windows XP Jack Sparrow edition.
  
  What makes you think it doesn't run on Windows Vista or 7?
  
  http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Win32%2fZbot
  
  As MS points out "... the Malware is primarily designed to work with UAC enabled, and without local exploits."
  
  0 1
  1. Monday 27th February 2012 19:34 GMT Bill Neal
    
    Re: Re: Nothing new.
    
    Seen it. It does work on 7. Killed it promptly of course. Lucky for the notebook owner I was there to notice it before she got any ideas of online banking. Still, it is a persistent bugger. I'm surprised it hasn't popped up any other time for me.
    
    1 0
    1. Tuesday 28th February 2012 01:13 GMT eulampios
      
      @Bill Neal
      
      Does the laptop owner or you know how she got it?
      
      0 0
      1. Tuesday 28th February 2012 11:24 GMT Chemist
        
        Re: @Bill Neal
        
        "Does the laptop owner or you know how she got it?"
        
        I got this recently as a .zip attachment supposedly from Fedex. The unzipped file was an .exe . Only unzipped it out of curiosity & in any case I'm using Linux. I don't know if it would autoexecute on unzipping in Windows.
        
        0 0
      2. Wednesday 29th February 2012 16:51 GMT Bill Neal
        
        Re: where'd she get it?
        
        Not sure, but she is a prolific facebook user & facebook gamer. That would be my 1st guess at a vector.
        
        0 0
Monday 27th February 2012 16:53 GMT Christian Berger

Interresting way of dealing with source code theft

I mean they simply move on, and improve their product beyond what is already there making the old version simply outdated and leaving that market to the others.

0 0
Monday 27th February 2012 23:51 GMT Jean-Luc

Wondering...

(for all intents and purposes a noob here - security is only tangentially in my interests)

If you have P2P control, could the white hats not set up counter measures to issue instructions to cease & desist? Or some other kinda neutralization/sabotage/owner identification strategy?

I mean, if all of a sudden those trojan's peers can issue commands, then how do they know to trust those peers? I assume signatures and encryption are used to authenticate, but still, there must be some opportunity here, until the next improved version.

1 0
1. Tuesday 28th February 2012 17:14 GMT Russ.T.Starfish
  
  Re: Wondering...
  
  My thought's exactly, a simple, "remove bootloader" or del /Windows in x days. type arrangement,
  
  That command would propagate through the botnet and at timebomb time, the whole thing implodes.
  
  Then at least the infected end nodes won't be infecting anyone else soon, and the end users have to deal with the problem.
  
  0 0