Hi Logos,
This is demonstrating what an enormous threat is formed by the collective Zeus zombie army, because that is how the driver certificates to make the stuxnet malware were initially compromised and could be further abused to design the new malware. Zeus/kneber botnet collectives etc. goes under the radar of normal av initially (see my postings in the virus and worms, last detection zero detection rate), and just alone in the USA 3.6 million computers are not any longer owned by the folks that sit between their keyboards and chairs, but machines are owned by malcreant bot herders, that even got a cybercriminal licence key to operate this menace machine herd (lowsec\local.ds.). Here is a message from someone who is not aware of that particular fact:
http://seclists.org/honeypots/2010/q2/3A clean system by default should not have any unique ID made by the malware, so if you run the following:
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" /v UID
-- or --
REG QUERY "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" /v UID
an infected machine would return the following data in the following format:
<computer name>_<string id> (for example, COMP1_00038EB9)
TN security info
The net has become more and more broken now and the situation is not getting any better soon, my friends, and this is a very realistic statement not for the users that know how to Safe hex and be well protected but to the poor unaware clicking-on-everything-that-moves user.... and all we can do is preaching to the choir or as the desolate in the desert that was never heard, specifically by parties that do not want to change the security situation as we have it,
polonus
Link to wake you all up:
http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bothttp://www.securelist.com/en/blog/2128/Will_the_real_Zeus_botnet_please_stand_upanalysis on the malware's complexity:
http://blog.threatexpert.com/2009_09_01_archive.html
