MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

22.2.09

Botnet Zeus. Mass propagation of its Trojan. Part Two

The first part gave a brief overview of what ZeuS is, along with a small list of domains and IP addresses that are involved with the Trojan and are useful to block.

The map below shows each host infected by ZeuS as a point. Although at first glance the map can give the impression that there is little to see, we must take into account that each node can represent multiple IP addresses or domains hosted on one server, which multiplies the percentage of infected machines.


Although the list is very small compared with the number of domains that host ZeuS, it is extremely important for administrators to block them in their network infrastructure to avoid infection problems.



Furthermore, each of the domains, along with its IP address, represents a compromised host or server.

Given that the means of spread and infection employed by ZeuS are email and the Drive-by-Download technique through different exploits, one of the best known being Luckysploit, or vulnerable sites implanted with malware kits such as ElFiesta, it is extremely important to block the domains and IP addresses I have outlined.
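Indicator lists of this kind mix several entry formats (IP plus domain and path, bare IP and path, full URL) and often arrive with stray spaces or commas. The following Python code is an added example, not part of the original post: it reduces such entries to a deduplicated set of IP addresses and a set of hosts-file sinkhole lines. The function names are hypothetical, and the sample entries are constructed from documentation address ranges and reserved example domains.

```python
import ipaddress
import re

# Constructed sample: documentation address ranges and reserved example
# domains, in the mixed and partly garbled formats such lists arrive in.
SAMPLE = """\
192.0.2.10 bad.example.com/foto/body.jpg
198.51.100.7/xweb/ldr.exe
http://cfg.example.net/utility/backup/config.bin
203.0.113.5 / ~ user / testbot / ldr. Exe
192,0,2,44 / z. Exe
192.0.2.10 Other.Example.com/s/a.exe
127.0.0.1/x.exe
not an indicator
"""

DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}")

def as_ip(token):
    """Return a normalized IPv4 string, or None if token is not blockable."""
    try:
        ip = ipaddress.IPv4Address(token.replace(",", "."))
    except ValueError:
        return None
    # Never emit a rule that would cut off the local host itself.
    if ip.is_loopback or ip.is_unspecified:
        return None
    return str(ip)

def parse_indicators(text):
    """Split indicator lines into (ips, domains) sets; paths are dropped."""
    ips, domains = set(), set()
    for line in text.splitlines():
        line = re.sub(r"^\s*[a-z]+://", "", line, flags=re.I)
        host_field = line.split("/", 1)[0]  # "IP", "domain" or "IP domain"
        for token in host_field.lower().split():
            ip = as_ip(token)
            if ip:
                ips.add(ip)
            elif DOMAIN_RE.fullmatch(token):
                domains.add(token)
    return ips, domains

def hosts_entries(domains):
    """Hosts-file lines that sinkhole each domain to 0.0.0.0."""
    return [f"0.0.0.0 {d}" for d in sorted(domains)]

if __name__ == "__main__":
    ips, domains = parse_indicators(SAMPLE)
    print("\n".join(hosts_entries(domains)))
    print("\n".join(sorted(ips, key=ipaddress.IPv4Address)))
```

Because several domains can share one server, blocking by IP address can also cut off unrelated sites hosted there, so the IP set deserves a review before it is loaded into a firewall.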
