Malware toolkits are designed to steal information, such as bank account data, and provide cyber criminals with vast quantities of stolen credentials. Every day, credit card numbers stolen by malware such as Zeus and SpyEye are bought and sold in the underground economy. This has given rise to the recruitment of “pack mules.” When using [...]
Tag Archives: zeus
Clustering Zeus Command and Control Servers Part 2
In Part 1 of “Clustering Zeus Command and Control Servers” I focused on clustering Zeus command and control servers based on three criteria: IP addresses, domain names, and email addresses used to register domain names. Using data drawn from ZeusTracker and MalwareDomainList, I observed that while a wide variety of criminals may set up disparate [...]
Clustering Zeus Command and Control Servers
Recently, more than 150 individuals around the world have been arrested on bank fraud related charges after using the Zeus malware to acquire credentials that enabled the criminals to steal more than $70 million. Those arrested include five Ukrainian individuals who are believed to be the masterminds behind the operation. Brian Krebs notes that [...]
Crime or Espionage? Part 2
In “Crime or Espionage Part 1” I examined a series of attacks that appear to be aimed at those interested in intelligence issues and those in the government and military. The malware used in these attacks was ZeuS and there are common command and control elements used in the attacks beginning in December 2009 and [...]
Crime or Espionage?
ZeuS is a well-known crimeware toolkit that is readily available online. The tool allows even the most unskilled to operate a botnet. Typically, Zeus has been associated with banking fraud. Recently, there have been a series of attacks using the Zeus malware that appear to be less motivated by bank fraud and more [...]
The “Kneber” Botnet, Spear Phishing Attacks and Crimeware
by Nart Villeneuve (Chief Research Officer, SecDev.cyber) Introduction Targeted attacks, known as “spear phishing,” are increasingly exploiting government and military themes in order to compromise defense contractors in the United States. [1] In 2009, the Washington Post reported that unknown attackers were able to break into a defense contractor and steal documents pertaining to the [...]
