Do-It-Yourself Toolkit Evolves for Zeus Botnet
Gunter Ollmann, Vice-President of Research at Damballa, recently blogged about fresh updates to Zeus, the widely used kit for building botnets. According to Ollmann, the updates are helping to sustain a threat that keeps escalating even though it has existed for some time now, as reported by Securitywatch.eweek on December 16, 2009.
The Zeus kit is a toolkit for developing malware and belongs to the Do-It-Yourself (DIY) category. The Zeus Trojan reportedly spreads very fast and is infecting computers globally. Consequently, it is building a huge botnet of compromised PCs, called 'zombies', that dispatch malicious spam mails.
Damballa states that Zeus has evolved into several different incarnations and remains a highly varied and popular toolkit. Further, with versions ranging from simple earlier releases to cutting-edge iterations sold for as much as $700 a pop, the do-it-yourself kits for botnet construction themselves represent a big underground market.
Ollmann also observes that Zeus toolkits are presently sold on several frequently visited hacking forums. These kits work perfectly inside a computer network that runs Windows 7. The kits also intercept traffic on IPv6 networks to search for valuable data and record it. Consequently, security teams and administrators of enterprises using IPv6 networks need to know that the botnet perpetrators already have IPv6 capabilities and therefore the ability to attack them.
Hence, it is evident that the innovators behind the Zeus botnet have enhanced its adaptability and developed it into an open base into which third-party tools can be integrated. Such integration will depend on what kind of cyber crime or fraud the botnet controller chooses to commit. Meanwhile, the botnet's uses can be as varied as spam attacks and DDoS assaults.
Further, Ollmann cautions that although Zeus is very common, anti-virus detection software will not necessarily be able to catch it. Zeus is never installed in its rudimentary form; rather, variants that are heavily concealed and protected are deployed.
» SPAMfighter News - 31-12-2009