ZeuS Botnet. Mass propagation of its Trojan. Part one
Talking about phishing attacks or phishing kits at this point in history is nothing new, nor is talking about malware infection techniques and their growing sophistication and aggressiveness. Yet the propagation, the infections and the fraud do not stop, and even today this remains a business, apparently a very profitable one for those behind it.
ZeuS (also known as Zbot or wsnpoem) fits squarely into the category of fraudulent and harmful. It is basically a Trojan designed to recruit zombie PCs and to carry out phishing attacks against financial institutions, banks and social networking sites, and to steal authentication data for email, FTP accounts, etc., combining scripting and exploit techniques, among others.
It is quite dangerous if we consider that, in addition to the typical actions of the malware, it can be obtained by anyone who deposits a certain amount of money into the account of its creators.
Perhaps this is one of the best explanations for the large number of "ZeuS" variants that are in the wild, stalking our systems and seeking to recruit zombies. The truth is that, living up to its name, it is one of the largest botnets at this time.
Even though this last characteristic is threatened by other "alternatives" from the botnet world such as Waledac, the recent Adrenalin, or the smaller (in magnitude) Asprox (aka Danmec), the truth is that we must be cautious so as not to fall victim to these threats, which are always looking to carry out their mission successfully: to get our money and computing resources.
Related information
Phishing Kit In-the-Wild for cloning websites
Waledac more loving than ever
Danmec Bot, Fast-Flux networks and recruitment of ...
Malware attack via Drive-by-Download
Jorge Mieres