Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
  • Go

Zeus Botnets Upgraded to P2P, Now Increasingly Resilient

According to a researcher, one fresh version of the Zeus malware kit has one P2P (peer-to-peer) functionality, which allows contaminated systems elude command-and-control (C&C) servers while taking commands or updates from operators, published theregister.co.uk in news on October 13, 2011.

Referred to as Murofet, the updated version of the tailored Zeus potentially causes difficulty for law-enforcement organizations and white-hat hackers in destabilizing botnets via purging of centralized C&C server machines that they shutdown or break into, states the security expert whose tracker website of Zeus watched over botnet communications. The tailored Zeus recently infected computers from over 100,000 distinct Internet Protocol (IP) addresses, according to the researcher.

Compromised PCs called zombies that Murofet regulates arrive with one early catalogue of Internet Protocol addresses for requests or queries. Once on a PC, this catalogue instantly searches to obtain a live node via dispatching User Datagram Protocol (UDP) suites.

And suppose the said kind of node is obtained, there'll then emerge an IP list which would participate within the P2P computer network. Following acquiring of details regarding the used binary along with configuration editions, the node will verify if there's one latest form that could let the operator link up with it through the high port of certain Transmission Control Protocol (TCP) for taking down the latest configuration file or the binary in its upgraded form. Eventually, the HTTP component interferes, while the bot links up with the C&C website indicated within the config file.

Moreover, with the researcher's study, it became possible for figuring out USA, Italy and India as the countries with most PCs contaminated with the current Zeus version.

Thus according to the expert, the security industry requires watching carefully for the gameover3.php, gameover2.php or gameover.php strings within the log of web-proxy that suggest that the latest Zeus variant is present.

He further says that all are aware of the cat-and-mouse play type of fight amongst cyber-criminals and security experts, adding that the latest Zeus alteration doesn't represent the last, while there'll be more efforts by cyber-criminals for having their malicious wares go undetected. Computerworld.com reported this on October 12, 2011.

Related article: Zeus Trojan Stole Huge Amount of Information

ยป SPAMfighter News - 22-10-2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next