Zemra, a new crimeware bot that shares traits with the banking Trojans Zeus and SpyEye, has been making the rounds lately, according to a recent post on Symantec’s Security Response blog.
In the post, Symantec’s Alan Neville says Zemra has recently been seen executing distributed denial-of-service (DDoS) attacks against organizations with the aim of extorting funds.
Like Zeus and SpyEye before it, Zemra’s Web-based command and control (C&C) panel is hosted on a remote server, allowing it to distribute commands to vulnerable computers. The bot is also capable of dynamically updating itself, monitoring devices, downloading and executing binary files, and spreading through USB devices, among other functions, Symantec said.
Symantec researchers analyzed two types of Zemra’s DDoS attacks: the HTTP flood and the SYN flood. The HTTP flood attack can open and close raw socket connections, while the SYN flood can send multiple requests via SYN packets to a targeted computer. The abundance of requests creates a backlog of transmission control block (TCB) creation requests, exhausting the server and making it unable to address any legitimate requests.
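On a Linux server, the backlog a SYN flood builds up shows as sockets sitting in the SYN_RECV state. The following is an added example, not taken from Symantec's post: it counts those half-open sockets per local port from constructed `/proc/net/tcp`-style lines, and the function names and threshold are illustrative assumptions.

```python
"""Count half-open (SYN_RECV) TCP sockets per local port from /proc/net/tcp text."""
from collections import Counter, defaultdict
import socket
import struct

SYN_RECV = "03"  # Linux state code for a connection awaiting the final ACK

# Constructed sample, trimmed to the leading columns of /proc/net/tcp.
# Remote addresses come from documentation ranges; 0A = LISTEN, 01 = ESTABLISHED.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 0A00000A:0050 00000000:0000 0A
   1: 0A00000A:0050 076433C6:C350 03
   2: 0A00000A:0050 086433C6:C351 03
   3: 0A00000A:0050 057100CB:9C40 03
   4: 0A00000A:0050 090200C0:EA60 03
   5: 0A00000A:0016 090200C0:D431 01
   6: 0A00000A:0016 076433C6:B001 03
"""

def decode(addr):
    """Turn 'HEXIP:HEXPORT' (IPv4 stored little-endian) into (dotted_ip, port)."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def half_open_by_port(text):
    """Return (count per local port, set of remote IPs per local port)."""
    counts, sources = Counter(), defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and anything that is not a socket row.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        if fields[3] != SYN_RECV:
            continue
        _, local_port = decode(fields[1])
        remote_ip, _ = decode(fields[2])
        counts[local_port] += 1
        sources[local_port].add(remote_ip)
    return counts, sources

def flag_ports(text, threshold):
    """Ports whose half-open count meets the threshold: {port: (count, distinct_sources)}."""
    counts, sources = half_open_by_port(text)
    return {p: (n, len(sources[p])) for p, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for port, (n, srcs) in flag_ports(SAMPLE, threshold=3).items():
        print(f"port {port}: {n} half-open connections from {srcs} sources")
```

On a live host the same functions can be fed the contents of `/proc/net/tcp`, with the threshold set from the server's normal baseline.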
The bot first surfaced on underground forums last month, where its creators offered it for sale for €100. For more on Zemra, head to the Security Response blog.