Author Topic: Zeus botnet providers' escape....  (Read 1774 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31626
  • malware fighter
Zeus botnet providers' escape....
« on: April 06, 2010, 08:08:09 PM »
Hi malware fighters,

Zeus CC servers are escaping to so-called FastFlux botnet, because bulletproof Zeus botnet providers like recently Trojac are being closed down, criminal ISPs are checked by their upstream providers so the going gets narrow. For Zeus bot activity see: https://zeustracker.abuse.ch/statistic.php
Take one at a once particular Zeus  IP:  superlayout.org
Summary
•Computer Threats:       1.
General Info
•Identity Threats:       0
•Annoyance factors:      0

   
Total threats on this site:    1

Web Site Location     China


superlayout.org
Threat Report

Total threats found: 1

Small-whitebg-red    Virus

Threats found: 1
Here is a complete list:
Threat Name:    Packed.Generic.292
Location:    Location:      hxtp://superlayout.org/125/tyu7.exe (not actual - domain suspended)

Here apparently nothing found: http://scanner.novirusthanks.org/analysis/7c36152228e787558257a7de4394cce6/aW5kZXg=/
because domain was suspended: https://zeustracker.abuse.ch/removals.php?host=superlayout.org

Recent listing( for home users): http://www.malwaredomains.com/wordpress/?cat=63

polonus

   
« Last Edit: April 07, 2010, 12:42:19 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!