Friday, April 6, 2012

Zeus botnet - Operation b71

Zeus, often referred to as Zbot, is one of the most popular crimeware botnets and is typically engaged in data theft. The term Zeus refers to an entire family of trojans and their respective botnets. It was first reported in 2007. Zeus botnets are fundamentally simple computer networks, that is, groups of interconnected computers, built with the Zeus crimeware toolkit by interested parties with a criminal motive. The Microsoft blog claims that it has detected more than 13 million suspected infections of this malware worldwide, with more than 3 million in the United States alone.

To put it simply, Zeus is a toolkit that provides the user with the tool set required to build and administer a botnet. These tools are designed with a focus on stealing banking information; however, they can also be used for other types of data or identity theft. The toolkit is a marketable product of commercial value that is sold to potential customers, and it is also distributed freely. Like most botnet families, Win32/Zbot is built on the client-server model and requires a command and control (C&C) server to which the bots connect to receive instructions from the botnet operator.


The bot comes with a static configuration and a dynamic configuration. The static configuration is built into the bot and covers what is needed for installation. The dynamic configuration is a file that is downloaded on demand, whenever the payload needs to be altered. Details of the various configuration parameters can be found on the FortiGuard website. The bot installs a rootkit component to remain hidden on infected systems. It is reported that it disables antivirus and security software in an effort to disguise itself and avoid detection, and that it injects itself into the address space of other running processes, such as Windows Explorer, to remain active on infected systems. Refer to the article on Zeus in ITNEXT.

According to FortiGuard, the Zeus Control Panel is an open source PHP application that can be run on an IIS or Apache web server. It is used to track the state of controlled botnets and to send script commands to the bots.

Microsoft's Digital Crimes Unit initiated a raid operation code-named Operation b71, with the goal of disrupting botnets that used the Zeus, SpyEye and Ice-IX variants of the Zeus malware family. Because of the financial fraud involved, Microsoft rallied support from two financial industry associations and made them co-plaintiffs in the case against Zeus. Microsoft's Digital Crimes Unit, represented by senior attorney Richard Domingues Boscovich, along with the Financial Services Information Sharing and Analysis Center (FS-ISAC) and NACHA, The Electronic Payments Association, as well as Kyrus Tech Inc., announced a coordinated global action to identify and neutralize the Zeus and other bot operations. In its complaint, Microsoft identified and named two defendants as members behind the Zeus botnet family. It is learnt that the defendants were already serving jail time in the United Kingdom on other Zeus malware related charges. Operation b71 was unique for a couple of reasons. The primary point of interest is the use of the civil section of the RICO anti-racketeering statute to aid the investigation. In the larger interest of cleaning up the Internet, Microsoft requested and won a court order on Nov. 28 allowing Microsoft and its financial-services partners to hold and administer the C&C servers for two Zeus botnets that had been shut down through Operation b71.

Zeus has since reemerged, exploiting the zero-day vulnerability used by the Stuxnet family. Security firm F-Secure has reported the appearance of Zeus strains exploiting the same security hole as the Stuxnet worm.

Let us Infoledge

Further reading:
1. http://www.pcmag.com/article2/0,2817,2406651,00.asp
2. http://blogs.technet.com/b/microsoft_blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.aspx
3. http://blogs.technet.com/b/microsoft_blog/archive/2012/07/02/microsoft-names-defendants-in-zeus-botnets-case-provides-new-evidence-to-fbi.aspx
--
Dr.B.M