24 Feb 2012
New Zeus/SpyEye makes bots function as C&C servers
The latest build of the Zeus/SpyEye malware shows a change that could very well hamper security researchers' ability to take down the botnets that use it and to identify the criminals behind them.
According to Symantec researchers, a previous build already moved towards replacing the bot-to-C&C system with peer-to-peer capabilities so that the bots receive configuration files from other bots, and this new one has finalized the transition.
"This means that every peer in the botnet can act as a C&C server, while none of them really are one," say the researchers. "Bots are now capable of downloading commands, configuration files, and executables from other bots - every compromised computer is capable of providing data to the other bots. We don’t yet know how the stolen data is communicated back to the attackers, but it’s possible that such data is routed through the peers until it reaches a drop zone controlled by the attackers."