back to article ZeuS Trojan embraces P2P – becomes even more sneaky and sticky

New variants of the Zeusbot/SpyEye cybercrime toolkit are moving away from reliance on command-and-control (C&C) servers towards a peer-to-peer architecture. C&C servers are the Achilles heel of cybercrime networks, vulnerable to both takedown operations and monitoring by either law enforcement or police. Variants of Zeusbot/ …


This topic is closed for new posts.
  1. Irongut

    "by either law enforcement or police"

    In what way are Police not law enforcement?

    1. Anonymous Coward
      Anonymous Coward

      @Irongut - They mention this

      to differentiate between the police and the MPAA lackeys.

  2. Miek

    "Even a headshot to a zombie network may no longer kill off botnets" -- I'll break out the chainsaw

  3. fridelain

    Nothing new.

    Criminals use to be ahead in new technologies adoption and deployment. And lusers will still do banking on Windows XP Jack Sparrow edition. With Norton AND Panda installed, of course.

    1. eulampios

      Re: Nothing new.

      >>And lusers will still do banking on Windows XP Jack Sparrow edition.

      What makes you think it doesn't run on Windows Vista or 7?

      As MS points out "... the Malware is primarily designed to work with UAC enabled, and without local exploits."

      1. Bill Neal

        Re: Re: Nothing new.

        Seen it. It does work on 7. Killed it promptly of course. Lucky for the notebook owner I was there to notice it before she got any ideas of online banking. Still, it is a persistent bugger. I'm surprised it hasn't popped up any other time for me.

        1. eulampios

          @Bill Neal

          Does the laptop owner or you know how she got it?

          1. Chemist

            Re: @Bill Neal

            "Does the laptop owner or you know how she got it?"

            I got this recently as a .zip attachment supposedly from Fedex. The unzipped file was an .exe . Only unzipped it out of curiosity & in any case I'm using Linux. I don't know if it would autoexecute on unzipping in Windows.

          2. Bill Neal

            Re: where'd she get it?

            Not sure, but she is a prolific facebook user & facebook gamer. That would be my 1st guess at a vector.

  4. Christian Berger

    Interresting way of dealing with source code theft

    I mean they simply move on, and improve their product beyond what is already there making the old version simply outdated and leaving that market to the others.

  5. Jean-Luc


    (for all intents and purposes a noob here - security is only tangentially in my interests)

    If you have P2P control, could the white hats not set up counter measures to issue instructions to cease & desist? Or some other kinda neutralization/sabotage/owner identification strategy?

    I mean, if all of a sudden those trojan's peers can issue commands, then how do they know to trust those peers? I assume signatures and encryption are used to authenticate, but still, there must be some opportunity here, until the next improved version.

    1. Russ.T.Starfish

      Re: Wondering...

      My thought's exactly, a simple, "remove bootloader" or del /Windows in x days. type arrangement,

      That command would propagate through the botnet and at timebomb time, the whole thing implodes.

      Then at least the infected end nodes won't be infecting anyone else soon, and the end users have to deal with the problem.

This topic is closed for new posts.

Other stories you might like