Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.
Kimberly
Posts: 14
Joined: Sun Dec 01, 2013 12:49 pm

Re: Win32/Zeus (alias Zbot)

Post by Kimberly » Thu Mar 20, 2014 12:39 pm

Which is easy ... don't allow Windows Explorer to access the internet ;)

unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Win32/Zeus (alias Zbot)

Post by unixfreaxjp » Fri Mar 21, 2014 1:15 am

The post is not meant for you, obviously. It is even easier to "just read + commenting" than sharing stuff in here (KM).
You want to share work in here or just to be a commentator to "comment" on other's post who is just willing to share?
If you "personally" don't like or agree with my posts, DON'T even read them!!

EP_X0FF
Global Moderator
Posts: 4814
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation

Re: Win32/Zeus (alias Zbot)

Post by EP_X0FF » Fri Mar 21, 2014 3:36 am

@unixfreaxjp
I do not think Kimberly was trying to offend you or challenge your work.
Ring0 - the source of inspiration

unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Win32/Zeus (alias Zbot)

Post by unixfreaxjp » Fri Mar 21, 2014 7:31 am

EP_X0FF wrote: @unixfreaxjp
I do not think..

Copy that.
We have tons of these campaigns now.
I am picking up significant samples only for KM friends who want to use some pcaps, samples, etc.

Xylitol
Global Moderator
Posts: 1670
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Win32/Zeus (alias Zbot)

Post by Xylitol » Fri Mar 21, 2014 11:46 am

K&A: Behind the scenes of crawling P2P botnets - http://blog.kleissner.org/?p=455

Kimberly
Posts: 14
Joined: Sun Dec 01, 2013 12:49 pm

Re: Win32/Zeus (alias Zbot)

Post by Kimberly » Sat Mar 22, 2014 6:03 am

unixfreaxjp wrote: The post is not meant for you, obviously. It is even easier to "just read + commenting" than sharing stuff in here (KM).
You want to share work in here or just to be a commentator to "comment" on other's post who is just willing to share?
If you "personally" don't like or agree with my posts, DON'T even read them!!

He obviously has an attitude problem with several security researchers.

I was just pointing out that there is no need to reinvent the wheel or complicate things when they are easy.

unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Win32/Zeus (alias Zbot)

Post by unixfreaxjp » Sat Mar 22, 2014 12:15 pm

Recent malvertisement of Gameover:

Read the VT comment for the details on the infection source & callback CNC IPs or domains.

Upatre: https://www.virustotal.com/en/file/7427 ... 395485713/
Gameover: https://www.virustotal.com/en/file/abf2 ... 395486009/

Sample:


974e42b15014a9ff294f539334a4b0ae 013.eml
abe06f8c7eec9339d2185f7a420d81ed 2103USp1.qta
a2f2b24bd6fa13095c319f7f61c21d2f 3ad77ce.sys
2c3f9638d9d21b684d70e3c11e79b603 adslo.exe
68f7bd2e404d904dd65100b091fcf92d boci.exe
76229e27d6dbd8d636ee3863310b90df Case_03212014.exe
ec3bad2b139e9f77bb216edb0b8a522a sawon.exe

unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Win32/Zeus (alias Zbot)

Post by unixfreaxjp » Sat Mar 22, 2014 10:20 pm


unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Win32/Zeus (alias Zbot)

Post by unixfreaxjp » Sat Mar 22, 2014 10:24 pm


malwarelabs
Posts: 44
Joined: Tue Dec 10, 2013 9:07 am

Re: Win32/Zeus (alias Zbot)

Post by malwarelabs » Mon Mar 24, 2014 2:25 pm

It looks like another Zbot sample, but PEiD returns a C# signature
