|13 Oct 2010||#1|
Zbot, the botnet in a box
This month, the MSRT team has added detection and removal for Zbot, one of the most widely known active botnets today. Although the malware itself is quite complex and varied, the technical acumen required to use and distribute it is actually quite low. Toolkits to create the malware are easily attainable and quite simple to use as the following screenshot shows.
Underground forums are teeming with questions ranging from the very basics about configuring the malware to people boasting about the size of their botnets. Even the botnet controllers are themselves quite varied, from apparent hobbyists to those that likely have more nefarious intent.
This family is quite prolific even if the intent behind some of the botnets is unclear. That said, we find ourselves knocking on Zbot’s door this month, and we’re glad we are. Zbot is the latest addition to MSRT’s ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights.
MSRT on Zbot, the botnet in a box - Microsoft Malware Protection Center - Site Home - TechNet Blogs
|13 Oct 2010||#2|
New ZeuS Variant Uses File Infector to Prolong its Life
Security researchers have confirmed their suspicion that a recently discovered file infector dubbed Licat serves to make ZeuS infections more persistent.
Licat has the characteristics of a traditional virus, as it adds malicious code to all EXE, DLL and HTML files detected on an infected system.
However, the new threat also features an update mechanism based on a URL-generation algorithm that is suspiciously similar to the one used by the Conficker worm.
Malware researchers from Trend Micro are now certain that Licat is dropped on computers by a new variant of the ZeuS trojan, which is delivered via infected websites.
Every time files infected by the virus are executed, the rogue code inside them generates URLs and attempts to contact them.
This method is used by attackers to serve new variants of Zbot (ZeuS Bot), which in turn drop new versions of Licat and the cycle repeats all over again.
New ZeuS Variant Uses File Infector to Prolong its Life - Softpedia