CATEGORY ARCHIVES: zeus-botnet

Zloader/Terdot – That Man in the Middle

The ZeuS malware family was first seen in July 2007 and is the poster child for long-lived bots. Zbot, one of the aliases of ZeuS, is a close relative of Terdot. When the ZeuS source code leaked in 2011, bad actors jumped at the chance to extend its capabilities to suit their own campaigns, and Terdot was one of the offspring. Malwarebytes has studied the ZeuS family and has noted a recent increase in Terdot/Zloader infections.

Blocking Bot 'Call Homes' Can Stop You Losing $250,000

Over the last couple of days Brian Krebs has reported on ACH fraud driven by the ZeuS and SpyEye trojans/bots. Although the case law is limited, it seems that banks have little or no liability if a trojan steals banking login details and, as a result, an organization's bank account is emptied.

The Worst AS in the world

In an email discussion over the weekend (based in part on this post by Brian Krebs) about the distributors of malware, it was noted that much of it came from one particular AS: AS49469, Sa Nova Telecom Grup SRL. As is usually the case when I get this kind of email, I took a look at our database to see what we know about the subject. In this case I discovered that AS49469 is one of the 64 ASes whose IP address ranges are completely covered by one or more of our blocklists.
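
"Completely covered" is a property you can compute: take every prefix the AS announces, subtract every blocklist range from it, and see whether anything is left. The snippet below is an added example, not ThreatSTOP's code or its database query; the announced prefixes and blocklist entries are constructed from RFC 5737 documentation ranges and private space and are not AS49469's real routes or any real feed. It relies on the fact that two CIDR blocks either nest or are disjoint, so subtraction only ever needs to drop a prefix or carve a hole out of it.

```python
"""Check whether every prefix an AS announces is covered by a blocklist.

Added example, not ThreatSTOP's code. All prefixes below are constructed
for illustration (RFC 5737 and RFC 1918 space), not real announcements.
IPv4 only: ipaddress.collapse_addresses() refuses mixed address families.
"""
import ipaddress
from typing import Iterable, List, Tuple

Net = ipaddress.IPv4Network


def subtract_blocked(prefixes: Iterable[Net], blocked: Iterable[Net]) -> List[Net]:
    """Return the parts of `prefixes` that no network in `blocked` covers.

    CIDR blocks cannot partially overlap: for any pair, one contains the
    other or they are disjoint, so each step is a drop, a carve-out, or a no-op.
    """
    remaining = list(prefixes)
    for b in blocked:
        next_remaining: List[Net] = []
        for p in remaining:
            if p.subnet_of(b):            # p lies inside b (or equals it): fully covered
                continue
            if b.subnet_of(p):            # b is a strict hole inside p: keep the rest of p
                next_remaining.extend(p.address_exclude(b))
            else:                         # disjoint: untouched
                next_remaining.append(p)
        remaining = next_remaining
    return remaining


def coverage_report(announced: List[str], blocklist: List[str]) -> Tuple[bool, List[str], float]:
    """Return (fully_covered, uncovered_prefixes, fraction_of_addresses_covered)."""
    prefixes = list(ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in announced))
    blocked = list(ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in blocklist))
    uncovered = list(ipaddress.collapse_addresses(subtract_blocked(prefixes, blocked)))
    total = sum(p.num_addresses for p in prefixes)
    missing = sum(u.num_addresses for u in uncovered)
    return (not uncovered, [str(u) for u in uncovered], (total - missing) / total)


if __name__ == "__main__":
    # Constructed "AS" fully covered by several smaller blocklist entries.
    print(coverage_report(
        ["198.51.100.0/24", "203.0.113.0/24"],
        ["198.51.100.0/25", "198.51.100.128/26", "198.51.100.192/26", "203.0.113.0/24"],
    ))
    # Constructed "AS" with one half of a /24 still unlisted.
    print(coverage_report(["192.0.2.0/24"], ["192.0.2.0/25"]))
```

The collapse step matters: a feed often lists a /24 as four /26s, and without merging them first the uncovered list would be cluttered with fragments that are in fact adjacent and blocked.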

Now blocking SpyEye C&C hosts

One of our malware research partners - abuse.ch - has started tracking the SpyEye C&C (command & control) hosts in the same way that it has been tracking the ZeuS C&C hosts.

Who is more dangerous? 1&1 or Vietnam?

Over the last couple of days there have been reports that "Vietnam is a haven of malware", with "more than half of [the .vn domains] hosting malware", and that the ISP 1&1 accounts for one in ten botnet Command & Control (C&C) hosts.

The Mutation of ZeuS

Researchers at Trend Micro, and elsewhere, have identified changes to the infamous ZeuS trojan and to how it is propagated. The new method involves another piece of malware named Licat, which generates candidate C&C domain names algorithmically, the technique made notorious by the Conficker worm, rather than relying on a fixed list of command and control hosts. When Licat successfully finds a C&C host it downloads a new variant of ZeuS from it.

The SCADA Threat

Sometimes they let me out in public to talk to people, and last night was one of those occasions: I attended an INSA event where various security-related issues were discussed. The main speaker was Admiral Mike McConnell, former head of the NSA and former DNI, and he said something which I greatly fear is true, particularly regarding major infrastructure.

STUXNET fallout

Via my friends at Control Global, I've found and started to read Ralph Langner's summary analysis of the STUXNET worm. Langner presents what looks like fairly strong circumstantial evidence that STUXNET was a deliberate cyberwar attack, presumably on the Iranian nuclear program, with possible spin-offs that could also affect nuclear research in other countries. Politically this is fascinating stuff, but as this blog is about cyber security I prefer to look at some of the security issues it raises.

Introducing the BOTNETS block list

Recently I blogged that we had added the abuse.ch ZeuS Tracker botnet list as a block list source. Last week we confirmed that it works: systems on our customers' networks attempted connections to addresses on that list, ThreatSTOP blocked them, and the systems that originated those connections were later confirmed to be infected.
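
The evidence described above is simply outbound connection records correlated against the tracker list: any internal host that keeps trying to reach a listed C&C address is a candidate infection whether or not the attempt was denied. The snippet below is an added example of that correlation, not ThreatSTOP's code; the key=value firewall log lines and the blocklist entries are constructed from RFC 5737 documentation ranges and do not come from any real device or from the ZeuS Tracker feed.

```python
"""Correlate outbound connection logs against a C&C blocklist.

Added example, not ThreatSTOP's code. The log format, the addresses and the
blocklist below are constructed; real tracker feeds and firewall logs differ.
"""
import ipaddress
import re
from collections import defaultdict
from typing import Dict, Iterable, List

# Constructed blocklist: bare hosts and CIDR ranges, as a tracker feed might publish.
CNC_BLOCKLIST = [
    "203.0.113.45",
    "198.51.100.0/26",
]

# Constructed firewall records (key=value style). 192.0.2.10 stands in for a benign site.
SAMPLE_LOG = """\
2010-08-16T09:12:01Z fw1 conn src=10.20.5.17 dst=203.0.113.45 dport=80 proto=tcp action=deny
2010-08-16T09:12:04Z fw1 conn src=10.20.5.17 dst=192.0.2.10 dport=443 proto=tcp action=allow
2010-08-16T09:13:30Z fw1 conn src=10.20.7.88 dst=198.51.100.12 dport=8080 proto=tcp action=deny
2010-08-16T09:14:02Z fw1 conn src=10.20.7.88 dst=198.51.100.12 dport=8080 proto=tcp action=deny
2010-08-16T09:15:45Z fw1 conn src=10.20.9.3 dst=198.51.100.200 dport=80 proto=tcp action=allow
2010-08-16T09:16:10Z fw1 conn src=10.20.5.17 dst=203.0.113.45 dport=80 proto=tcp action=deny
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ conn src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def load_blocklist(entries: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Normalise feed entries so a bare address becomes a /32 network."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_listed(addr: str, nets: List[ipaddress.IPv4Network]) -> bool:
    """Linear scan is fine for a demo list; a large feed wants a radix tree."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)


def find_callhomes(log_lines: Iterable[str], nets: List[ipaddress.IPv4Network]) -> Dict[str, List[dict]]:
    """Map each internal source to its attempts (denied or not) to reach a listed address."""
    hits: Dict[str, List[dict]] = defaultdict(list)
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue                      # unparsable record: skip rather than crash
        if is_listed(m["dst"], nets):
            hits[m["src"]].append({"ts": m["ts"], "dst": m["dst"], "dport": int(m["dport"])})
    return dict(hits)


if __name__ == "__main__":
    for src, attempts in find_callhomes(SAMPLE_LOG.splitlines(), load_blocklist(CNC_BLOCKLIST)).items():
        dsts = sorted({a["dst"] for a in attempts})
        print(f"{src}: {len(attempts)} call-home attempt(s) to {', '.join(dsts)}; investigate this host")
```

Note that the host talking to 198.51.100.200 produces no hit: that address is outside the listed /26, which is exactly why the list matching has to be done on networks rather than on string prefixes of the address.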

Blocking the ZeuS Botnet(s)

The ZeuS botnet got into the news last week with the announcement that it had led to significant financial losses in the UK. However, it (or rather they, since there are many botnets running the same trojan) is an infection that has been studied by a number of malware researchers.
