Posts Tagged ‘Kademlia. Computer’

Evolution of Zeus Botnet Part 3

Evolution of Zeus Botnet Part 2 Here

Zeus, version 3 – Gameover

Zeus version 2.1 was an attempt to move away from a hard-coded command center toward a control system better protected against the actions of anti-virus companies (using a DGA). As it turned out, the creators of Zeus continued their work in this area.

In October 2011, Roman Huessy, creator of ZeusTracker, was examining the latest Zeus version he had received and noticed strange UDP traffic. Further analysis showed that the new version of Zeus had several IP addresses in its configuration block, and that the computers at these IP addresses answered the infected system. Within 24 hours, about 100,000 unique IP addresses related to the new version were identified. Most of the infected computers were located in India, Italy and the U.S.

It was thus found that Zeus had started using a P2P mechanism to update itself and its configuration data blocks. Because a script named gameover.php was used when contacting the command center, this version came to be called Gameover Zeus. This is rather symbolic: as can be seen, the ‘game’ with Zeus has ended.