Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Ineffective Takedown Attempt by Microsoft

Though Microsoft took control over most of the command and control (C&C) servers allied with the Zeus botnet, some of the domains are still spared and thus remained active, as reported by FireEye.

According to security researchers at FireEye, this part of the botnet works in association with a Zeus variant, popular for rapidly changing C&C.

Cyber criminals employed Zeus malware for keylogging in order to access user names and passwords from a PC, thus making way into stealing the online identities of netizens. Researchers at Microsoft analyzed that Zeus malware enabled to clog into the personal details in a computer immediately with the process of typing. As a result of this functionality, criminals could not only avail personal data but also all credentials related to financial activities.

Out of the 156 different C&C domains employed by the botnet, Microsoft took over only 147 in Operation B-71.

The remaining 9 C&C left in this operation were concluded as dead and remained inactive to resolve any of the IP address; 4 of them were abandoned by the cyber crooks and the left out 3 are detected to still remain active.

However, according to FireEye, these left out botnets are still enabled to stay alive by concealing themselves behind fast-flux, or by constantly changing their domains. It still remains out of question as to how these botnets remain resilient in spite of the domains being completely destroyed. As such, the claim for these botnets' take down attempt still remains unjustified.

According to Atif Mushtaq, a Senior Staff Scientist at FireEye, the reason behind the MS Digital Crime Unit remaining silent over the three active domains is still not clear. In fact, their main concern should be the three active domains. The existence of these domains still poses danger and does not justify the criterion that the domains are completely destroyed, reports softpedia on April 4, 2012.

Nevertheless, this is the second instance of a takedown attempt being questionable during the last week. The claim behind Kelihos bot remaining active after a similar takedown by Kaspersky Lab was a similar instance in this context. According to them, Kelihos, or Hlux was altogether a new botnet, though its emergence was quite anticipated.

Related article: Infection in Chinese Security Website

» SPAMfighter News - 4/13/2012

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page