Win32/Zeus (alias Zbot)

Forum for analysis and discussion about malware.

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Fri Apr 13, 2012 6:44 am

What is "butthurt"?
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Fri Apr 13, 2012 6:53 am

rkhunter wrote: What is "butthurt"?



http://en.wikipedia.org/wiki/Frustration

:D
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4764
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: Trojan Zeus (alias ZBot)

Postby rkhunter » Fri Apr 13, 2012 6:57 am

@EP_X0FF
Was this article interesting for you?
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Fri Apr 13, 2012 7:03 am

Not really, it was expected that something like this would appear. Kelihos sinkholing was also criticized by homemade security "experts". It is always pretty cool to criticise others' work when you yourself are doing nothing and hiding this under the "private conversations" 600+ word length BS blogposts.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4764
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

PWS:Win32/Zbot.gen!AF: Another variant of Zbot

Postby leeno » Sun Apr 29, 2012 5:23 pm

Hi guys,

I came across a Zbot sample as flagged by VirusTotal. But this sample is not even Citadel/Ice 9 or old Zeus.
Can anyone help in identifying it correctly?

Lots of encrypted UDP-only traffic.

https://www.virustotal.com/file/0a7adf0 ... /analysis/

Thanks

Leeno
leeno
 
Posts: 43
Joined: Wed Apr 11, 2012 10:19 am
Reputation point: 7

Re: PWS:Win32/Zbot.gen!AF: Another variant of Zbot

Postby rkhunter » Sun Apr 29, 2012 8:11 pm

I don't think that this is new; I saw it at least 4 months ago. Why did you decide that this is a different version of ZBot?
FYI: http://www.microsoft.com/security/porta ... bot.gen!AF

Encyclopedia entry
Updated: Sep 19, 2011 | Published: Jun 29, 2011
PWS:Win32/Zbot.gen!AF is a generic detection for variants of PWS:Win32/Zbot, a password stealing trojan.
rkhunter
 
Posts: 1148
Joined: Mon Mar 15, 2010 12:51 pm
Location: Russian Federation
Reputation point: 147

Re: PWS:Win32/Zbot.gen!AF: Another variant of Zbot

Postby EP_X0FF » Mon Apr 30, 2012 1:12 am

Take decrypted.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4764
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: Trojan Zeus (alias ZBot)

Postby thisisu » Mon Apr 30, 2012 11:41 am

rkhunter wrote: Critical analysis of Microsoft Operation B71 (against ZBot/Zeus/SpyEye botnet)
http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/

"One of the botnets was up and running again within 24 hours of the takedown on a brand new c&c server and continued with its business as usual."

Is this true?
thisisu
 
Posts: 362
Joined: Sun Feb 26, 2012 8:57 am
Reputation point: 65

Re: Trojan Zeus (alias ZBot)

Postby EP_X0FF » Mon Apr 30, 2012 1:56 pm

thisisu wrote:
rkhunter wrote: Critical analysis of Microsoft Operation B71 (against ZBot/Zeus/SpyEye botnet)
http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/

"One of the botnets was up and running again within 24 hours of the takedown on a brand new c&c server and continued with its business as usual."

Is this true?


When you are running a botnet and really thinking about its security, you always have a plan B: backup/alternative C&C servers, and maybe a reserved bot version (Kelihos example). Only a complete takedown combined with law enforcement actions can guarantee that a botnet is really dead forever. So it is not something unusual, or a fault of Microsoft. The authors of this article should do something instead of searching for mistakes in others' actions.
Ring0 - the source of inspiration
EP_X0FF
Global Moderator
 
Posts: 4764
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 571

Re: Trojan Zeus (alias ZBot)

Postby Neurofunk » Mon Apr 30, 2012 4:14 pm

https://www.virustotal.com/file/aa0e54c ... 335802170/
Detection Ratio: 14/43
MD5: 9fbd7c5d26fe75a6faffe29bee66ce40
Neurofunk
 
Posts: 28
Joined: Tue Oct 25, 2011 5:28 pm
Reputation point: 12
