Watch a bank-raiding ZeuS bot command post get owned in 60 seconds



RC4? Shoddy PHP coding? You VXers should try a little harder

By Darren Pauli, 6 May 2014

Vid Web thieves may get more than they bargained for if tech pros follow the lead of one researcher – who demonstrated how to hack the systems remote-controlling the infamous ZeuS crime bot in 60 seconds.
 
The dangerous Trojan ZeuS infects Windows PCs to, among other things, silently siphon cash from victims' online bank accounts. Each flavour of the software nasty connects to a control server operated by the various crims distributing it; the bots receive their instructions from this particular server.
Crooks can build their own variant of the Trojan from purchased toolkits or from source code leaked on underground forums in 2011.

The bot control code running on the command servers is known by malware researchers to have security holes that allow these central systems to be hijacked – thus enabling white and grey hats to smash cyber-crime networks from within.
 
Security bod Zoltan Balazs has previously pointed out a remote-code execution bug in ZeuS 2.0.8 control panels, for instance.
 
 
Full Article
 
Seriously scary...but quite a fascinating view.
