Zeus – The Crow's Groove

Zeus Botnets’ Achilles’ Heel Makes Infiltration Easy

So what are we waiting for? Take ’em down!

A security researcher has discovered a potentially crippling vulnerability in one of the most widely used botnet toolkits, a finding that makes it easy for blackhats and whitehats alike to take control of huge networks of infected PCs.

The flaw in the Zeus crimeware kit makes it trivial to hijack the C&C, or command and control, channels used to send instructions and software updates to compromised computers that often number in the hundreds of thousands. There are in turn thousands or tens of thousands of botnets that are spawned from Zeus, and the vast majority are susceptible to the technique.

That means the bug could make takedowns by law enforcement and rival crime gangs significantly easier, said Billy Rios, the researcher who discovered the defect and has written a simple program to exploit it.

Link : The Register – Zeus botnets’ Achilles’ Heel makes infiltration easy

Linkedin Falls to the Power of Zeus Malware

Linkedin users: beware!
Please read this article. Don’t get infected.

Users of the social notworking site LinkedIn started receiving shedloads of spam email messages in a bid to recruit them into the Zeus botnet.

From 10am yesterday users of the business-focused version of Facebook started getting mail with a fake contact request containing a malicious link.

Cisco Security Intelligence said that these messages accounted for as much as 24 percent of all spam sent within a 15-minute interval today.

If users were dumb enough to click on the links in the email they would be taken to a web page that says “PLEASE WAITING…. 4 SECONDS..” and then redirects them to Google.

While it looks like nothing has happened, during the four second the victim’s PC will be attempted to be infected with the ZeuS Malware.

Link : TechEye – Linkedin falls to the power of Zeus

Russia Becomes Malware Botnets Host

Considering that most spam and malware is coming from Russia and China, wouldn’t it be possible to turn off access to Russian and Chinese hosts, domains, servers, by default and only open connections by requesting your own ISP? I guess that only a small percentage of Internet users are visiting Russian and Chinese sites and servers, so this should not be a big problem.

Botnet operators have found a home in Russia after server access became too difficult in China says insecurity company M86 Security.

Chinese cyber sleuths have been driving malware operators from the country’s telecommunications infrastructrue and Russia – always somewhat lax in policing online criminals – has become the refuge for botnet spam campaigns from dodgy porn websites, online casinos and pharmacies.

M86 Security said that 5,000 new spam domains have been traced back to two Russian registrars in the past month. Among those who have moved to Russian providers are the operators of the Zeus malware botnet.

“It used to be Chinese registrars and now it has been a pretty dramatic shift. Back in Russia it is kind of the same old names. These registrars have been around for a while.,” said Bradley Anstis, VP of technology strategy at M86 Security.

The shift to the former Soviet Union follows a clampdown on cyber crime operations in central Europe and Asia. Authorities in Europe have sought to drive cyber criminals out of the region, but it seems like they and other parallel efforts elsewhere have just driven them somewhat to the east, into Russia.

Link : The Inquirer – Russia becomes malware botnets host