16 Mar 2013, post #1
New ZeuS-based modular rootkit offered to cybercriminals
Given the popularity of the Zeus crimeware, and the fact that its source code has been ultimately offered for sale at bargain basement prices, it's no wonder that every now and then malware based on it gets offered on underground forums.
The latest of these is a bot with rootkit functionality unearthed by Dancho Danchev, and it apparently:
encrypts the communication between the C&C servers and the bots so that the botnet's owner is the only one that can control it
uses a Domain Generation Algorithm so that the bot will know which C&C servers to contact if the current ones get blocked or shut down
can drop a third-party piece of malicious code onto the affected computer
allows the botmaster to set random intervals for the bot to communicate with the C&C servers
allows the botmaster to "hide files on the disk, the branches in the registry, inject .dll in a separate process
and in all, provides a gateway through which the user applications can get a list of processes currently loaded kernel modules, terminate any process, to hide the list of dll modules loaded process."
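The two evasions listed above, a Domain Generation Algorithm and randomised check-in intervals, are what a defender actually gets to observe: a host that keeps resolving random-looking domains rather than any fixed C&C name. The script below is an added, defender-side illustration and is not code from the forum post, the article it summarises, or the bot being sold. It scores second-level labels with four cheap lexical tests (character entropy, vowel ratio, digit ratio, longest consonant run) and reports which client queried several such labels. The DNS log format and every domain in it are constructed samples.

```python
"""Score DNS query names for DGA-like labels and group hits per client.

Added example for illustration only; the log format and all domains
below are constructed, not captured traffic.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed DNS query log in a simple "<timestamp> <client-ip> <qname>" form.
SAMPLE_DNS_LOG = """\
2013-03-16T00:01:02Z 10.0.0.5 www.example.com
2013-03-16T00:01:09Z 10.0.0.5 mail.example.org
2013-03-16T00:01:40Z 10.0.0.5 securitynewsdigest.example
2013-03-16T00:02:11Z 10.0.0.7 xk2q9vplz7r3w.net
2013-03-16T00:02:43Z 10.0.0.7 q8zjvx4tkp1mrb.com
2013-03-16T00:03:05Z 10.0.0.7 n3wfy7hsd2lqk.biz
2013-03-16T00:03:30Z 10.0.0.5 cdn.example.net
"""

VOWELS = set("aeiou")
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")


def second_level_label(qname: str) -> str:
    """Return the label left of the TLD: 'www.example.com' -> 'example'."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(text: str) -> float:
    """Bits per character; random alphanumerics score high, words lower."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())


def longest_consonant_run(label: str) -> int:
    """Longest run of consonant letters; digits and vowels break the run."""
    best = run = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_score(label: str) -> int:
    """Count how many of four lexical tests a label trips (0..4).

    Thresholds are illustrative; tune them against your own baseline.
    """
    if not label:
        return 0
    vowel_ratio = sum(c in VOWELS for c in label) / len(label)
    digit_ratio = sum(c.isdigit() for c in label) / len(label)
    tests = [
        shannon_entropy(label) > 3.0,      # near-uniform character use
        vowel_ratio < 0.2,                 # pronounceable words have vowels
        digit_ratio > 0.15,                # digits mixed into the label
        longest_consonant_run(label) >= 4, # unpronounceable clusters
    ]
    return sum(tests)


def flag_suspicious_clients(log_text: str, threshold: int = 3) -> dict:
    """Map each client IP to the distinct DGA-looking labels it queried.

    A single odd label is noise; one client resolving several is the
    pattern a DGA-driven bot produces while hunting for a live C&C.
    """
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort
        label = second_level_label(m.group("qname"))
        if dga_score(label) >= threshold:
            hits[m.group("client")].add(label)
    return {client: sorted(labels) for client, labels in hits.items()}


if __name__ == "__main__":
    for client, labels in flag_suspicious_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(labels)} DGA-like labels -> {', '.join(labels)}")
```

Entropy alone is a weak signal: the long legitimate label in the sample scores above the entropy threshold but trips nothing else, which is why the tests are combined and why the per-client count, not the individual label, is what should raise an alert.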
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd