Fresh Zeus C&C Vulnerability Detected
Google security engineer Billy Rios has detected a vulnerability in the C&C (command-and-control) web application of the Zeus Trojan that, if exploited, lets hackers effortlessly compromise botnets amassed through the malware. Softpedia published this on September 27, 2010.
Zeus, the most widely used crimeware toolkit, is used to produce tailored samples of information-capturing trojans, along with the related command-and-control web applications for operating infected PCs.
The vulnerability within the toolkit makes it easy to take control of the C&C servers that issue commands and transmit the latest software to hijacked PCs, which are usually innumerable. There are numerous botnets amassed with Zeus, and huge numbers of them are exposed to the mechanism.
The C&C web application exposes only 2 public pages. One lets infected PCs receive instructions and transmit stolen data, and the other is the login page. The location of the web page that acts as a "gateway" differs, while the data exchanged through it is encrypted with the RC4 cipher.
According to Rios, both the encryption code and the page's location are easily obtainable from an infected PC's memory or through other means.
He explained that once the C&C hijacking code was run, it became possible to read or write anything whatsoever on the central server. The Register published this on September 27, 2010.
Rios further explained that a backdoor could be dropped on the C&C to enable theft of data, destruction of the server, or taking control of it. Since the hacker gained access to the C&C system, he also learned the username and password of the bot controller's C&C. Further, he learned the username and password of the cleartext data collection that backed the C&C, the specialist highlighted.
Hitherto, attackers have used the attack code on the 188.8.131.52 version of Zeus, which was introduced in January 2010. However, it is understood that the code will also be effective on most earlier and later versions of the toolkit. In this connection, security researchers forecast that the Zeus maker's inexperience in developing and releasing updates quickly would hinder their ability to plug the security hole fast.
» SPAMfighter News - 05-10-2010