« previous next »
Pages: [1]   Go Down

Author Topic: How to detect the ever changing Zeus bot infection?  (Read 7882 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33939
  • malware fighter
How to detect the ever changing Zeus bot infection?
« on: March 12, 2010, 10:37:35 PM »
Hi malware fighters,

There has been seen quite an increase in Zeusbot infections lately. How to detect the various everchanging variants has been described here:
http://blogs.technet.com/mmpc/archive/2010/03/11/got-zbot.aspx

polonus
« Last Edit: March 12, 2010, 11:03:18 PM by polonus »
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: How to detect the ever changing Zeus bot infection?
« Reply #1 on: March 13, 2010, 04:01:47 PM »
***

Nice information ... thanks for the link, Polonus   :)

One reason I like to see HJT logs is that userinit shows up and can be checked whether or not what is listed is good or not.


***
Logged

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33939
  • malware fighter
Re: How to detect the ever changing Zeus bot infection?
« Reply #2 on: March 13, 2010, 08:19:03 PM »
Hi CharleyO,

The latest version of Zeusbot now comes with a MS installation protection against pirated versions:
http://www.secureworks.com/research/threats/zeus/?threat=zeus
Link: http://www.theregister.co.uk/2010/03/12/new_zeus_features/

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

CharleyO

  • Guest
Re: How to detect the ever changing Zeus bot infection?
« Reply #3 on: March 14, 2010, 04:13:02 PM »
***

Thanks for the additional links, Polonus, as it is interesting reading.   :)


***
Logged
Pages: [1]   Go Up
« previous next »