February 5, 2012

Source Code for ZeuS Trojan Horse Freely Available on the Internet

The source code for the ZeuS trojan horse (sometimes known as Zbot), which steals banking information by keystroke logging and form grabbing, has been leaked onto the Internet. Peter Kruse of CSIS, a security company from Copenhagen, has confirmed that the archive file, which is available from several underground forums, compiles and is indeed the genuine article.

According to The H, the source code is for version 2.0.8.9, which is thought to be the latest version. Previously, copies of ZeuS sold for several thousand dollars among cyber criminals and organized crime gangs.

The archive file contains a builder that generates the malware executable and Web server files (PHP, images, SQL templates) for use as the command and control server.

How or why this source code has appeared on the net is unclear; however, it was reported last year that ZeuS' creator had retired and turned the ZeuS source code over to his long-time rival.

ZeuS has already caused a lot of damage, and its release on the Internet could mean it now poses a greater threat than ever before.

Koobface server taken down

A UK internet service provider (ISP) has taken the Koobface social networking botnet's Command-and-Control server offline after security specialists from the SecDev Group informed the UK investigative authorities about the server. While this will temporarily obstruct the botnet, it doesn't mean that the individuals behind Koobface have been neutralised. It's probably only a matter of time until the infected computers are redirected to a new server.

Read the full story here.

Source:[TheHSecurity]

SpyEye Tracker

Abuse.ch has launched a new project, SpyEye Tracker. According to the project website, SpyEye Tracker is similar to the ZeuS Tracker, except that it tracks and monitors malicious SpyEye Command & Control servers rather than ZeuS Command & Control servers.

SpyEye Tracker provides blocklists in different formats (e.g. for the Squid web proxy or iptables) so that infected clients can be prevented from reaching the Command & Control servers.

SpyEye Tracker could help ISPs, CERTs and law enforcement track malicious SpyEye Command & Control servers in the fight against cyber criminals.
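As an added illustration of how such a tracker blocklist is actually consumed (this is not part of the original post and not abuse.ch's own tooling): the Python below parses a constructed sample feed in the format these trackers typically publish (one IPv4 address or hostname per line, `#` starting a comment; the exact format is an assumption here), discards duplicates, malformed lines and any entry that would block your own RFC1918 or loopback space, and then emits iptables egress rules and Squid ACL lines. The feed contents, the chain name `SPYEYE_CC` and the ACL names are all assumptions made for the example.

```python
"""Convert an abuse.ch-style C&C blocklist into iptables and Squid rules.

Added example, not abuse.ch's own code. Feed format is assumed: '#' starts a
comment, one IPv4 address or hostname per line.
"""
import ipaddress
import re

# Constructed sample feed for illustration; these are not real C&C servers.
SAMPLE_FEED = """\
# SpyEye Tracker IP/domain blocklist (constructed sample)
# Generated: 2012-02-05
198.51.100.23
198.51.100.23        # duplicate, must appear only once in the rules
203.0.113.77
CNC.example.net
not an entry!!
10.0.0.5
"""

# Address space a feed error must never make us block: RFC1918, loopback,
# link-local, "this" network and multicast.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/4")]

# Hostname: 1-253 chars, dot-separated labels, alphabetic TLD of 2+ chars.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)


def parse_blocklist(text):
    """Return (ips, domains, rejected): validated, de-duplicated entries."""
    ips, domains, rejected = [], [], []
    seen = set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()   # drop comments/whitespace
        if not entry or entry in seen:
            continue
        seen.add(entry)
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            ip = None
        if ip is not None:
            if ip.version == 4 and not any(ip in net for net in NEVER_BLOCK):
                ips.append(str(ip))
            else:
                rejected.append(entry)   # IPv6 or an address we refuse to block
        elif HOSTNAME_RE.match(entry):
            domains.append(entry)
        else:
            rejected.append(entry)
    return ips, domains, rejected


def iptables_rules(ips, chain="SPYEYE_CC"):
    """Egress block in a dedicated chain; LOG first so infected clients show up in syslog."""
    rules = [f"iptables -N {chain} 2>/dev/null; iptables -F {chain}"]
    for ip in ips:
        rules.append(f'iptables -A {chain} -d {ip} -j LOG --log-prefix "spyeye-cc "')
        rules.append(f"iptables -A {chain} -d {ip} -j DROP")
    for hook in ("OUTPUT", "FORWARD"):
        # -C checks for an existing jump so re-running does not stack duplicate rules
        rules.append(f"iptables -C {hook} -j {chain} 2>/dev/null || iptables -I {hook} -j {chain}")
    return rules


def squid_acl(ips, domains):
    """Squid ACLs: 'dst' for raw IPs, 'dstdomain' (leading dot = subdomains too) for hostnames."""
    lines = [f"acl spyeye_cc_ip dst {ip}" for ip in ips]
    lines += [f"acl spyeye_cc_dom dstdomain .{d}" for d in domains]
    if ips:
        lines.append("http_access deny spyeye_cc_ip")
    if domains:
        lines.append("http_access deny spyeye_cc_dom")
    return lines


if __name__ == "__main__":
    ips, domains, rejected = parse_blocklist(SAMPLE_FEED)
    print("\n".join(iptables_rules(ips)))
    print("\n".join(squid_acl(ips, domains)))
    print("rejected:", rejected)
```

Two practical points: the Squid `http_access deny` lines must be placed before the site's own `http_access allow` rules, or they never match; and hostnames go only to Squid, because iptables resolves a name once at rule load time, which is exactly what a fast-flux C&C domain is designed to defeat.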

Source:[https://spyeyetracker.abuse.ch]

Once-prolific Pushdo botnet crippled

Security researchers have disrupted the botnet known as Pushdo, a coup that over the past 48 hours has almost completely choked the torrent of junk mail from the once-prolific spam network.

Researchers from the security intelligence firm Lastline said that they identified a total of 30 servers used as Pushdo command and control channels and managed to get the plug pulled on 20 of them.

Read the full article here.

Source:[TheRegister]

Command and Control Network of Zeus 2 Botnet

Security researchers have uncovered the command and control network of a Zeus 2 botnet sub-system targeted at UK users that controlled an estimated 100,000 computers.

Cybercrooks based in Eastern Europe used a variant of the Zeus 2 cybercrime toolkit to harvest personal data – including bank log-ins, credit and debit card numbers, bank statements, browser cookies, client-side certificates, and log-in information for email accounts and social networks – from compromised Windows systems.

Trusteer researchers identified the botnet's drop servers and command and control centre, then used reverse engineering to gain access to its back-end database and user interface. A log of IP addresses used to access the system, presumably by the cybercrooks that controlled it, was passed on by Trusteer to the Metropolitan Police.

Read the full article here.

Source: [TheRegister]

AVG Whitepaper: Mumba Botnet

AVG recently released a whitepaper about the Mumba botnet and its implications.

The research revealed that more than 55,000 unwitting Internet users' machines had been compromised with data-stealing malware placed on them by the Mumba botnet.

According to the AVG research report, more than 60 GB of data was found on the server, including credentials for social networking websites, bank accounts, credit card numbers and email communications.

A breakdown of the compromised PCs shows that 33 percent of infected users resided in the U.S., with Germany, Spain, the United Kingdom, Mexico and Canada among the other notably affected countries.

Download AVG Whitepaper Here

Source: [AVG]