Which is the Real ZeuS Botnet?

By Roel Schouwenberg, Kaspersky Lab

Among others, the Zeus bot is one of the most prolific bots in
the wild and in the media. Lately there have been quite a few reports on
the aspects surrounding Zeus, such as new research and the Troyak
takedown.

Naturally, this is great news. Awareness is still lacking,
and the heavy reporting around Zeus is making more people aware of the
sophistication of the cyber criminal underground. Unfortunately, many
of the reports contain a recurring inaccuracy. These reports talk
about “the Zeus botnet”, which is an inaccurate reflection of reality.

The reality is that there are many, many different Zeus botnets, all
maintained by different cyber criminals. The number of unique Zeus
botnets is likely to be in the hundreds. The cyber criminals behind the
Zeus bot will sell it to anyone, who can then start their own unique
botnet. Going even further, there are some side-branches of Zeus
maintained by other cyber criminals.

Given this situation, it’s not unlikely that machines in a large
enterprise may be infected with Zeus bot variants which are controlled by
different cyber criminals and therefore belong to different Zeus
botnets.

Read the entire post at Securelist.

Discussion

  • antihacker101 on

    Been fighting the original since Aug 2008. Everything I touched got infected, including 3 phone companies. There is one system in place that allows all these botnets to work. There is a shutdown code that the hacker used Apr 3rd when he panicked. It came back 3 days later.

    If you tear down a part of the worm, other parts (on timers elsewhere) bring it back. My systems screw up 3am Mountain Time every day. I'm seeing signs of hope lately, but also proof that someone else has taken over. The main part of the worm uses phone towers and possibly satellites to focus onto signals using geo locations. He also uses ADS and Ring3 independent of the OS.

    The details link back to Master SPYNTER aka hacker turned FBI aka turned FBI to hacker linked to FBI training center.

     

     
