Almost 2,500 firms breached in ongoing hack attack


Effects of the malware bot

This is a variant of the well-known Zeus bot, otherwise known as Zbot. Once executed on the target machine (which becomes an infected bot), it downloads a configuration file from the C&C (Command & Control) server, which instructs the bot to capture desired data.

It creates a hidden folder on the infected machine and drops a modified copy of itself to avoid detection by security scanners.

The bot periodically uploads the captured data to the server and schedules an update of the configuration files, permitting the criminal hacker to change the bot's instructions.

Additionally, it disables the firewall on the target machine.

Rossano Ferraris, CA ISBU Research Team
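
The four behaviours described above (hidden folder, modified self-copy, firewall disabled, periodic uploads) are weak signals alone but strong when they appear together on one host. The following is an added example, not part of the original post or any CA tooling; the event schema, host names, thresholds and sample telemetry are constructed assumptions.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed telemetry in a hypothetical schema: (epoch_seconds, host, event, detail)
EVENTS = [
    (1000, "ws-01", "dir_create_hidden", "placeholder_dir"),
    (1002, "ws-01", "exe_self_copy", "hash_differs_from_parent"),
    (1005, "ws-01", "firewall_disabled", ""),
    (1100, "ws-01", "net_out", "203.0.113.10"),
    (1700, "ws-01", "net_out", "203.0.113.10"),
    (2300, "ws-01", "net_out", "203.0.113.10"),
    (2900, "ws-01", "net_out", "203.0.113.10"),
    (1000, "ws-02", "firewall_disabled", ""),   # admin change, no other signs
    (1200, "ws-02", "net_out", "198.51.100.7"),
    (1260, "ws-02", "net_out", "198.51.100.7"),
    (4000, "ws-02", "net_out", "198.51.100.7"),
]

HOST_SIGNS = {"dir_create_hidden", "exe_self_copy", "firewall_disabled"}

def periodic(times, min_hits=4, max_jitter=0.1):
    """True if gaps between connections are nearly constant (beacon-like)."""
    if len(times) < min_hits:
        return False
    times = sorted(times)
    gaps = [b - a for a, b in zip(times, times[1:])]
    mean = sum(gaps) / len(gaps)
    return mean > 0 and pstdev(gaps) / mean <= max_jitter

def score_hosts(events):
    """Return {host: set of matched behaviours} for the four described behaviours."""
    signs = defaultdict(set)
    conns = defaultdict(list)  # (host, destination) -> connection timestamps
    for ts, host, kind, detail in events:
        if kind in HOST_SIGNS:
            signs[host].add(kind)
        elif kind == "net_out":
            conns[(host, detail)].append(ts)
    for (host, _dst), times in conns.items():
        if periodic(times):
            signs[host].add("periodic_upload")
    return dict(signs)

def flagged(events, threshold=3):
    """Hosts showing at least `threshold` of the four behaviours."""
    return sorted(h for h, s in score_hosts(events).items() if len(s) >= threshold)
```

Requiring several behaviours together keeps a host with only a legitimate firewall change, such as the constructed `ws-02`, from being flagged.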