ZeuS Botnet

Richard Boscovich on the Zeus Botnet Takedown

Dennis Fisher talks with Richard Boscovich of the Microsoft Digital Crimes Unit about the operation to take down the Zeus botnet, how the company works with partners and law enforcement on these operations and the importance of getting the word out to consumers about the danger of botnets.

Top Crimeware Hosting Provider Taken Offline

VolgaHost, a hosting provider notorious in the security community for hosting botnet command-and-control servers and other services related to online crime, has been taken offline, and a number of servers involved in the Zeus crimeware operation are offline as a result.

Week in Security: Stuxnet Revelations and Black Hat Happenings

Stuxnet chat saturated the news this week after the New York Times got the cyber security echo chamber going with a story delving into the mysterious worm. But Stuxnet was hardly the only news this week, which also saw new research from the Black Hat Briefings conference in Washington D.C. and progress on the strange disappearance of security researcher Dancho Danchev. Read on for the full week in review.

The simplistic spam campaign that hit around Christmas and purported to be a holiday greeting from the White House not only included a piece of Zeus-related malware that searches hard drives for documents and uploads them to a remote server, but also appears to be connected to a similar attack from early 2010 that exposed a nascent botnet.

The SpyEye Tracker, a new site that hopes to trace the activity of the budding SpyEye Trojan, went live this week and shows the emerging SpyEye botnet to be global in reach, but still much smaller than the Zeus botnet with which it has merged.

LinkedIn members who clicked on fake connection requests were sent to a Website that displayed “PLEASE WAITING…4 SECONDS” before redirecting them to Google. During those 4 seconds, the Website downloaded Zeus data-theft malware onto their PCs. Read the full article. [eWEEK]

Isolated strains of mainstream malware that took advantage of the zero-day Windows flaw first exploited by the sophisticated Stuxnet worm began appearing late last week. The same approach has since been applied by the dodgy sorts behind Zeus, a family of sophisticated toolkits frequently used to steal bank login credentials and the like from compromised systems. Read the full article. [The Register]

A network frequently used for malware delivery was shut down Wednesday night, probably against the will of its operators. Troyak.org, an Internet service provider well-known for serving Zeus botnets and other malware delivery methods, went dark overnight, resulting in the shutdown of as many as 25 percent of the world’s Zeus botnets, according to researchers. Read the full article. [Dark Reading]
