Tracker Websites for Zeus, SpyEye under Attack
According to Brian Krebs, a U.S. security journalist, the creators of botnets built with the Zeus and SpyEye crimeware toolkits are putting a lot of effort into thwarting a pair of websites that help Internet Service Providers and other organizations stop infected systems from receiving commands from, and sending data to, the command-and-control (C&C) infrastructure that these bot-herders operate.
Krebs writes that the great lengths to which cyber-criminals are going to discredit and disable these sites prove that the anti-fraud websites are working well. Krebsonsecurity.com published this on March 9, 2011.
Krebs was able to get into a unique Russian-language forum designed to serve online criminals. There, forum members were expressing anger at the efforts of Roman Hussy, a Swiss computer expert who developed websites to track the C&C servers of the SpyEye and Zeus botnets. Hussy's websites publish blacklists that system administrators can use to prevent their systems from reaching malicious command-and-control infrastructure. Virusbtn.com reported this on March 10, 2011.
Interestingly, forum members appeared to agree on one idea: seeding the SpyEye and Zeus configuration files with genuine Internet sites so that the Zeus and SpyEye tracker sites would pronounce those genuine websites hostile, leading the ISPs that rely on the trackers' pronouncements to stop trusting them.
Encouragingly, Hussy's creations have weathered the countless DDoS attacks that bot-herders launched against them in retaliation for those services getting their C&C servers blacklisted. Once, somebody even circulated a false message among his friends and relatives claiming that Hussy had committed suicide, which prompted police to check whether he was all right. However, such attacks haven't put Hussy off, nor have they made his services any less essential. Krebsonsecurity.com reported this.
Nonetheless, forum members persistently suggested adding the URLs of legitimate websites to the Zeus and SpyEye configuration files as a tactic to get the trackers to label those websites as harmful, thereby lessening the trackers' credibility. But Hussy stated that the miscreants simply didn't know that ZeusTracker first verifies whether a C&C server is truly active before flagging it as malicious. Krebsonsecurity.com reported this.
» SPAMfighter News - 18-03-2011