Geekly Articles each Day
📜 ⬆️ ⬇️

Found premium version of the Zeus worm



Despite the fact that computer security experts have long been aware of the Zeus worm (the developer of which was not found yet) and the botnet of the same name (whose owners have recently been found, they wrote about it on Habré), the virus still continues to infect user computers expanding the scale of the botnet. The other day, F-Secure company representatives discovered a premium version, so to speak, of the Zeus worm, which starts working only on powerful PCs.

Experts who discovered this version of Zeus claim that they have not previously encountered malicious software, for which computer speed limits have been set. In other words, the virus will simply not work on not very powerful machines. To test the virus found, F-Secure specialists used virtual machines, the virtual configuration of which can be changed without problems. This was the strangeness in the behavior of the virus - it did not work on “weak” configurations.
')
The experts found out that this version of the worm starts working only when the processor frequency is 2 or more gigahertz. On less powerful PCs, laptops and netbooks, the virus refuses to work. Instead, premium Zeus starts to work in debugger mode, without following almost any instructions and not infecting the system. Experts checked the work of the virus on various machines, and only on powerful PCs did this virus start to work.

So far, virus fighters cannot directly answer the question why such a selective version of the virus was created. Some experts suggest that the exotic version of Zeus allows you to create fast, high-capacity botnets that hackers can use to crack passwords and for other purposes, where power is needed first and foremost.

In general, an interesting picture emerges - hackers are already beginning to form, apparently, special botnets for use for their own purposes. Previously, experts say, botnets with the maximum number of zombies infected with PCs were valued. Now, apparently, hackers use other criteria in the formation of new botnets.

Via f-secure

Source: https://habr.com/ru/post/108894/

More articles:


All Articles