
Re: Trojan Zeus (alias ZBot)

PostPosted: Fri Apr 13, 2012 6:44 am
by rkhunter
What is "butthurt"?

Re: Trojan Zeus (alias ZBot)

PostPosted: Fri Apr 13, 2012 6:53 am
by EP_X0FF
rkhunter wrote:What is "butthurt"?



http://en.wikipedia.org/wiki/Frustration

:D

Re: Trojan Zeus (alias ZBot)

PostPosted: Fri Apr 13, 2012 6:57 am
by rkhunter
@EP_X0FF
Was this article interesting for you?

Re: Trojan Zeus (alias ZBot)

PostPosted: Fri Apr 13, 2012 7:03 am
by EP_X0FF
Not really, it was expected that something like this would appear. Kelihos sinkholing was also criticized by homemade security "experts". It is always pretty cool to criticise others' work when you yourself are doing nothing and hiding this under "private conversations" and 600+ word BS blog posts.

PWS:Win32/Zbot.gen!AF: Another variant of Zbot

PostPosted: Sun Apr 29, 2012 5:23 pm
by leeno
Hi Guys ,

I came across a zbot sample as flagged by virustotal. But this sample is not even citadel/ice 9 or old zeus.
Can anyone help in identifying it correctly?

Lots of encrypted UDP-only traffic.

https://www.virustotal.com/file/0a7adf0 ... /analysis/

Thanks

Leeno

Re: PWS:Win32/Zbot.gen!AF: Another variant of Zbot

PostPosted: Sun Apr 29, 2012 8:11 pm
by rkhunter
I don't think that this is new; I saw it at least 4 months ago. Why did you decide that this is a different version of ZBot?
FYI: http://www.microsoft.com/security/porta ... bot.gen!AF

Encyclopedia entry
Updated: Sep 19, 2011 | Published: Jun 29, 2011
PWS:Win32/Zbot.gen!AF is a generic detection for variants of PWS:Win32/Zbot, a password stealing trojan.

Re: PWS:Win32/Zbot.gen!AF: Another variant of Zbot

PostPosted: Mon Apr 30, 2012 1:12 am
by EP_X0FF
Take decrypted.

Re: Trojan Zeus (alias ZBot)

PostPosted: Mon Apr 30, 2012 11:41 am
by thisisu
rkhunter wrote:Critical analysis of Microsoft Operation B71 (against ZBot/Zeus/SpyEye botnet)
http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/

"One of the botnets was up and running again within 24 hours of the takedown on a brand new c&c server and continued with its business as usual."

Is this true?

Re: Trojan Zeus (alias ZBot)

PostPosted: Mon Apr 30, 2012 1:56 pm
by EP_X0FF
thisisu wrote:
rkhunter wrote:Critical analysis of Microsoft Operation B71 (against ZBot/Zeus/SpyEye botnet)
http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/

"One of the botnets was up and running again within 24 hours of the takedown on a brand new c&c server and continued with its business as usual."

Is this true?


When you are running a botnet and really thinking about its security, you always have a plan B: backup/alternative C&C servers, and maybe a reserved bot version (Kelihos example). Only a complete takedown combined with law enforcement actions can guarantee that a botnet is really dead forever. So it is not something unusual, or a fault of Microsoft. The authors of this article should do something instead of searching for mistakes in others' actions.

Re: Trojan Zeus (alias ZBot)

PostPosted: Mon Apr 30, 2012 4:14 pm
by Neurofunk
https://www.virustotal.com/file/aa0e54c ... 335802170/
Detection Ratio: 14/43
MD5: 9fbd7c5d26fe75a6faffe29bee66ce40