Yes, I know it was written about recently, and soon there will be more. But this is what the Westerners think.
Some kind of botnet
Quick reference
- Number 1 on the list of America's most wanted botnets
- Infected computers: 3.6 million
- Use by criminals: stealing user input (keylogger), inserting fake HTML forms into online banking systems
For $10,000, you can purchase a Zeus module that gives you full control over infected computers.
New features are strengthening the Zeus botnet, which criminals use to steal financial information and transfer money through online banking, clearing house, and payroll systems. The price of its latest version starts at $3,000; the version that allows full control over infected computers can be bought for $10,000.
List of America's 10 most wanted botnets.
The author and owner, presumably a single person and (also presumably) currently located in Eastern Europe, keeps working on the botnet. Zeus version 1.3.4.x, for example, received a built-in function for remote control over the botnet. Moreover, a hacker can "get complete control over an infected computer," says Don Jackson, head of the SecureWorks threat detection department, who released a detailed report on Zeus this week.
A new Zeus option, taken from AT&T Bell Labs' free project "Virtual Network Computing" and allowing computers to be controlled remotely, works similarly to programs like GoToMyPC, Jackson says. SecureWorks calls it the "full presence" option. It is so useful to criminals that it costs $10,000.
The Zeus Trojan infects computers running Windows and is about 50,000 bytes in size. It steals the user's accounts with banking systems in North America and the UK from the infected computer. The crime can be committed from another continent, with funds transferred to other accounts through a skillfully built control system.
Zeus, a "successfully promoted spyware trojan" that appeared in 2007 (and possibly earlier), grew in popularity as botnets spread.
Initially, the UpLevel group worked on writing Zeus. Today, however, researchers believe that Zeus has only one author, who is currently making efforts to keep full control over Zeus (versions 1.3 and later). To that end, he introduced a copy protection mechanism that ties each copy of the botnet client to a specific computer.
Researcher Kevin Stevens of SecureWorks points out the similarity of the Zeus copy protection mechanism to WinLicense (both use the hardware token method). The mechanism checks information about the computer's hardware before granting access to the code of the ZeuS Builder toolkit.
Previous versions of Zeus are available for free, but the new ones (from the beginning of the year) cost quite a lot. According to SecureWorks, in the online criminal community fraudsters often pay for programs used to commit crimes through Western Union or Web Money.
In the SecureWorks report published last week, the ZeuS Builder base toolkit costs from 3 to 4 thousand dollars, and the Backconnect module costs another 1,500. The module allows transfers to be made from the infected machine itself, i.e. if a bank tries to trace the criminal's transfer, it will see the account holder's computer. Pricing also differs by target OS: to be able to compromise computers running Windows 7 or Vista, criminals need to pay another 2 thousand dollars; otherwise they will only be able to compromise computers running Windows XP.
Here are a few more of the available options:
- Firefox form grabber ($2000): sends the criminal the data that the user enters into forms in Firefox.
- "Jabber (IM) chat notifier" ($500): notifies the hacker when stolen data arrives, so that, if he is fast enough, he can get into a victim's account protected by a bank token that generates random numbers.
- VNC module ($10,000): bypasses the smart cards needed for large transfers.
The latest version of Zeus is able to bypass most of the two-factor and other defenses of banking systems and is focused on conducting large transfers, from $100,000, Jackson said.
There are many stories about companies complaining of unauthorized transfers or of non-existent employees fraudulently entered into the payroll system. In such cases, banks cannot roll back sufficiently large transfers.
So, the latest version of Zeus bypasses most of the advanced online authentication security mechanisms used by banks, with the possible exception of a manual transaction approval system, in which at least two people randomly selected from a list must approve the transfer. "This is an arms race," Jackson says.
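The manual approval control mentioned above, sketched as an added example (it is not code from the SecureWorks report or from any bank). The class name, staff names and amount are constructed for illustration, and approvals are assumed to arrive over a channel separate from the initiator's workstation.

```python
import secrets

APPROVALS_REQUIRED = 2  # "at least two" approvers, as described above


class TransferApproval:
    """One pending transfer that needs sign-off from randomly chosen approvers."""

    def __init__(self, initiator, amount, approver_pool, rng=None):
        # OS CSPRNG by default, so the selection cannot be predicted in advance.
        rng = rng or secrets.SystemRandom()
        # The initiator's workstation may be the infected one, so the initiator
        # is never eligible to approve their own transfer.
        eligible = sorted(set(approver_pool) - {initiator})
        if len(eligible) < APPROVALS_REQUIRED:
            raise ValueError("approver pool too small")
        self.initiator = initiator
        self.amount = amount
        self.selected = frozenset(rng.sample(eligible, APPROVALS_REQUIRED))
        self.approved = set()

    def approve(self, person):
        """Record an approval; only the selected approvers are accepted."""
        if person not in self.selected:
            return False
        self.approved.add(person)  # a set, so a repeated approval counts once
        return True

    def can_release(self):
        """True only when every selected approver has signed off."""
        return self.approved == self.selected


if __name__ == "__main__":
    # Constructed sample data.
    staff = ["alice", "bob", "carol", "dave", "erin"]
    req = TransferApproval("alice", 250_000, staff)
    for person in staff:
        print(person, "accepted" if req.approve(person) else "rejected")
    print("release:", req.can_release())
```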
In the forthcoming Zeus 1.4 (which is still in beta testing) the number of options will increase. For example, the "Web Injects for Firefox" option will allow a hacker to display a fake banking form in Firefox at any time. The pretext may be a request by the bank for additional information (during the transfer).
To hinder its detection and identification by antivirus software, Zeus uses polymorphic encryption.
UPD:
You can judge for yourself how effective this polymorphic encryption is.
And an article about the removal.