[ISN] ZeuS botnet code keeps getting better... for criminals

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Mar 2010 00:13:22 -0600 (CST)

By Ellen Messmer
Network World
March 11, 2010 

New capabilities are strengthening the ZeuS botnet, which criminals use 
to steal financial credentials and execute unauthorized transactions in 
online banking, automated clearing house (ACH) networks and payroll 
systems. The latest version of this cybercrime toolkit, which starts at 
about $3,000, offers a $10,000 module that can let attackers completely 
take control of a compromised PC.

ZeuS v.1.3.4.x (code changes are always underway by the author and 
owner, who is believed to be one individual in Eastern Europe) has 
integrated a powerful remote-control function into the botnet so that 
the attacker can now "take complete control of the person's PC," says 
Don Jackson, director of threat intelligence at SecureWorks, which 
released an in-depth report on ZeuS this week.

This new ZeuS feature, which was picked up from an older public-domain 
project from AT&T Bell Labs known as "Virtual Network Computing," gives 
ZeuS the kind of remote-control capability that might be found in a 
legitimate product like GoToMyPC, Jackson says. SecureWorks calls this a 
"total presence proxy," and it's so useful to criminals that just this 
one VNC module for ZeuS costs $10,000.

The Windows-based ZeuS Trojan software, which takes up about 50,000 
bytes on a compromised Windows-based computer, is designed to plunder 
accounts in North American and United Kingdom banking systems via the 
victim's computer. The criminal might be located a continent away, 
directing unauthorized transfers of funds to accounts through elaborate 
command-and-control systems.


Received on Thu Mar 11 2010 - 22:13:22 PST
