Zeus Botnets Upgraded to P2P, Now Increasingly Resilient
According to a researcher, a new version of the Zeus malware kit has peer-to-peer (P2P) functionality that lets infected systems avoid command-and-control (C&C) servers when taking commands or updates from operators, theregister.co.uk reported on October 13, 2011.
Referred to as Murofet, the updated version of the custom Zeus build may make it harder for law-enforcement organizations and white-hat hackers to disrupt botnets by taking out the centralized C&C servers that they shut down or break into, says the security expert whose Zeus tracker website monitored the botnet's communications. The custom Zeus build recently infected computers at more than 100,000 distinct Internet Protocol (IP) addresses, according to the researcher.
Compromised PCs, called zombies, that Murofet controls come with an initial list of IP addresses to query. Once on a PC, the malware immediately uses this list to look for a live node by sending User Datagram Protocol (UDP) packets.
If such a node is found, the bot receives a list of IPs that participate in the P2P network. After obtaining details about the binary and configuration versions in use, the node checks whether a newer version exists, in which case a connection is made over a high Transmission Control Protocol (TCP) port to download the latest configuration file or the upgraded binary. Finally, the HTTP component comes into play, and the bot connects to the C&C website specified in the config file.
The researcher's study also identified the USA, Italy and India as the countries with the most PCs infected with the current Zeus version.
According to the expert, the security industry should therefore watch web-proxy logs closely for the strings gameover3.php, gameover2.php or gameover.php, which suggest that the latest Zeus variant is present.
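One way to run that check over proxy logs, as an added example that is not from the original article or the researcher. The log layout (time, client, method, URL, status), the sample lines and the rule of matching the final path segment exactly are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# File names the article says to look for in web-proxy logs.
INDICATOR = re.compile(r"^gameover[23]?\.php$", re.IGNORECASE)

# Constructed sample lines; assumed layout: time client method url status.
SAMPLE_LOG = """\
2011-10-13T08:01:12Z 10.0.0.21 GET http://news.example.test/index.html 200
2011-10-13T08:01:40Z 10.0.0.37 POST http://c2.example.test/gameover2.php 200
2011-10-13T08:02:05Z 10.0.0.37 POST http://c2.example.test/x/GameOver.php?id=7 200
2011-10-13T08:02:30Z 10.0.0.44 GET http://blog.example.test/notgameover.php 404
2011-10-13T08:03:02Z 10.0.0.58 POST http://c2.example.test/%67ameover3.php 200
truncated entry
"""


def find_hits(log_text):
    """Return {client_ip: [(timestamp, url), ...]} for requests whose final
    path segment is gameover.php, gameover2.php or gameover3.php."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed layout
        timestamp, client, _method, url, _status = fields
        # Decode percent-escapes and ignore the query string before matching.
        last_segment = unquote(urlsplit(url).path).rsplit("/", 1)[-1]
        if INDICATOR.match(last_segment):
            hits[client].append((timestamp, url))
    return dict(hits)


if __name__ == "__main__":
    for client, requests in find_hits(SAMPLE_LOG).items():
        print(f"{client}: {len(requests)} suspicious request(s)")
        for timestamp, url in requests:
            print(f"  {timestamp} {url}")
```

Grouping hits by client address points directly at the internal hosts to triage, and the exact-segment match keeps unrelated names such as notgameover.php out of the results.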
He further says that everyone is aware of the cat-and-mouse game between cyber-criminals and security experts, adding that the latest Zeus modification will not be the last and that cyber-criminals will make further efforts to keep their malicious wares undetected. Computerworld.com reported this on October 12, 2011.
» SPAMfighter News - 22-10-2011