MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.


Financial institutions targeted by the botnet Zeus. Part two

The structure of ZeuS consists of PHP modules from which it controls and executes all the fraudulent and harmful activity for which it was conceived. For example, it's very common to find files named s.php, sS.php, x.php or similar, which serve as the command and control (C&C) of the bot.

Once a machine is infected, ZeuS downloads an encrypted .bin file (usually cfg.bin). This is the configuration file: a set of instructions that indicate the type of information to be collected and where to send it.

When this file is decrypted, we can see the configuration and the financial institutions that ZeuS constantly monitors from the zombie.

In this way, when the user accesses certain forms, ZeuS intercepts the browser interaction, capturing all the information the botmaster needs to carry out the fraud.
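A defensive hunting sketch for the behaviour described above, added here as an example and not taken from the original post: it flags clients in a web proxy log that fetch a .bin file and afterwards POST to a one- or two-letter .php script on the same server. The log format, hostnames and addresses are constructed, and the filename patterns are heuristics based only on the names this article mentions.

```python
import re
from collections import defaultdict

# Constructed sample proxy log (assumed format: time client method url status).
SAMPLE_LOG = """\
2009-11-02T10:00:01 10.0.0.5 GET http://updates.example.test/cfg.bin 200
2009-11-02T10:00:09 10.0.0.5 POST http://updates.example.test/s.php 200
2009-11-02T10:01:00 10.0.0.7 GET http://intranet.example.test/index.php 200
2009-11-02T10:02:00 10.0.0.8 POST http://shop.example.test/checkout.php 200
2009-11-02T10:03:00 10.0.0.9 GET http://files.example.test/firmware.bin 200
2009-11-02T10:05:30 10.0.0.5 POST http://updates.example.test/s.php 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) https?://([^/\s]+)(/\S*) (\d{3})$")
# Heuristics from the article: a downloaded .bin config and a short-named PHP gate.
CONFIG_RE = re.compile(r"/[^/?]+\.bin$", re.IGNORECASE)
GATE_RE = re.compile(r"/[A-Za-z]{1,2}\.php$")


def find_suspect_pairs(log_text):
    """Return sorted (client, server, post_count) triples where the client
    fetched a .bin file and later POSTed to a short-named .php on the same
    server. Lines are assumed to be in chronological order."""
    fetched = defaultdict(bool)   # (client, server) -> .bin download seen
    posts = defaultdict(int)      # (client, server) -> gate POSTs after it
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not fit the assumed format
        _, client, method, server, path, status = m.groups()
        path = path.split("?", 1)[0]  # drop any query string
        key = (client, server.lower())
        if method == "GET" and status == "200" and CONFIG_RE.search(path):
            fetched[key] = True
        elif method == "POST" and fetched[key] and GATE_RE.search(path):
            posts[key] += 1
    return sorted((c, s, n) for (c, s), n in posts.items())


if __name__ == "__main__":
    for client, server, count in find_suspect_pairs(SAMPLE_LOG):
        print(f"{client} -> {server}: .bin fetch followed by {count} gate POST(s)")
```

Neither signal is conclusive alone: the firmware.bin download and the checkout.php POST in the sample are benign and are not reported, because only the combination on the same client and server is flagged.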

The list of entities that are in the sights of ZeuS is really long, but some of them are:

These malicious strategies represent real threats and make it clear that, while email is still a channel used for the propagation of malware, today it is the Internet that serves as the base for mass attacks through various crimeware.


Jorge Mieres
