Feeds

Botnet that pwned 100,000 UK PCs taken out

Researchers crowbar entry into cybercrime server

Secure remote control for conventional and virtual desktops

Security researchers have uncovered the command and control network of a Zeus 2 botnet sub-system targeted at UK surfers that controlled an estimated 100,000 computers.

Cybercrooks based in eastern Europe used a variant of the Zeus 2 cybercrime toolkit to harvest personal data - including bank log-ins, credit and debit card numbers, bank statements, browser cookies, client side certificates, and log-in information for email accounts and social networks - from compromised Windows systems.

Trusteer researchers identified the botnet's drop servers and command and control centre before using reverse engineering to gain access its back-end database and user interface. A log of IP addresses used to access the system, presumably by the cybercrooks that controlled it, was passed by Trusteer onto the Metropolitan Police.

Trusteer declined to point the finger as to the locations of the Zeus botmaster controlling the systems, beyond saying that compromised systems were controlled from eastern Europe.

"The cybercrime servers were hidden but the hackers were not using a lot of security, so it was possible to find a way into the database," Mickey Boodaei, Trusteer's chief exec told El Reg.

The original attack was probably seeded by a combination of infected email attachments and drive-by downloads, according to Amit Klein, Trusteer's chief technology officer. The Windows-based malware used to control zombie clients was a variant of the infamous Zeus cybercrime toolkit, a customisable Trojan keylogger and botnet-control client sold through underground forums that's become the sawn-off shotgun of the cybercrime economy over recent years.

"There are some significant changes between Zeus 1.x and Zeus 2.0: Zeus 2.0 installs differently, better adapted to newer Windows operating systems (Vista, 7). Additionally, Zeus 2.0 has built-in support for Firefox," Klein explained.

"There are Zeus binaries out there for few months already with version number 2.0.x.y. We do not control Zeus's version numbers - it's the Zeus writers who do that," he added.

Trusteer says the attack is an example of the growing trend of regionalised malware. ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.