MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

18.2.09

Botnet ZeuS. Mass propagation of its Trojan. Part one

Talking about phishing attacks or phishing kits at this point in history is nothing new, nor is talking about malware infection techniques and how they grow increasingly sophisticated and aggressive. Yet the spread of infections and cases of fraud does not stop; even today it is a business, and apparently a very profitable one for those behind it.

ZeuS (also known as zbot or wsnpoem) falls squarely into the category of fraudulent and harmful software. It is basically a Trojan designed to recruit zombie PCs and to carry out phishing attacks against financial institutions, banks and social networking sites, and to steal authentication data for email, FTP accounts, etc., combining scripting and exploit techniques, among others.

It is quite dangerous if we consider that, in addition to the typical actions of the malware, it can be obtained by anyone who deposits a certain amount of money into the account of its creators.

Perhaps this is one of the best explanations for the large number of "ZeuS" variants that are in the wild, stalking our systems and seeking to recruit zombies. The truth is that, living up to its name, it is one of the largest botnets of the time.

Even though this last distinction is threatened by other "alternatives" in the botnet world, such as Waledac, the recent Adrenalin, or the smaller (in magnitude) Asprox (aka Danmec), we must be cautious not to fall victim to these threats, which are always looking to carry out their mission successfully: to get our money and computer resources.

Related information
Phishing Kit In-the-Wild for cloning websites
Waledac more loving than ever
Danmec Bot, Fast-Flux networks and recruitment of ...
Malware attack via Drive-by-Download

Jorge Mieres
