Author Topic: Zeus botnet now Windows 7 and IPv6 compliant....  (Read 4066 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Zeus botnet now Windows 7 and IPv6 compliant....
« on: December 15, 2009, 11:56:31 PM »
Hi malware fighters,

Zeus is the most popular toolkit to bastle your own botnet and because of the neverending competition new versions are coming out all the time, which now are also Windows 7, Vista compliant and support IPv6 addresses. The Zeus malware toolkit will cost you between euro 275 and euro 500, but only a couple of months later you can download it through all kinds of Torrent-networks. Just like there are various Zeus botnets, there now are various Zeus toolkits. Each toolkit comes with new features, like those of version 1.3.0.0, that emerged towards the end of November last.

"Especially the Windows 7 support will be important for Zeus-dependant botherders, and also the fetching of certificates of infested systems", according to security vendor Damballa's Gunter Ollmann. Here SSL/TLS client certificates and VPN access for businesses are meant. It is remarkable that the "TAN-grabber" was removed. Apparently Zeus-clients do not need it and it will slim down Zeus bot.

IPv6
According to Ollmann the most important feature is support for IPv6, especially important for getting networkdata. Furthermore Zeus can sniff IPv6 traffic automatically and destill valuable networkdata, and does not need to work with extensive packet captures. Now government and businesses are conversing to IPv6, botnetherders have to keep up and become "IPv6 compliant".

Botnetherders are ready for IPv6 and constantly adopting their botnets. Despite of the fact that Zeus is omnipresent, av scanners will not detect the malware. Zeus is constantly changing, making every victim a unique victim and Zeus can circumvent the majority of host0based detection technologies.

Link: http://blog.damballa.com/?p=438
« Last Edit: December 15, 2009, 11:58:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!