Tuesday, February 24, 2009

Zeus botnet. Mass propagation of trojan. Part two

The first part gave an overview of what Zeus is, along with a short list of domains and IP addresses involved in spreading the trojan, which are very useful to block.

The map below shows each host infected by Zeus as a point. Although at first glance the information shown in the map may seem sparse, remember that each node can represent multiple IP addresses or domains hosted on one server, which amplifies the percentage of infected machines.


Although the list is very small compared with the number of domains that host Zeus, it is extremely important that administrators block these entries in their network infrastructure to avoid infection.

Furthermore, each of the domains, along with its IP address, represents an infected host or a compromised server.

Given that the propagation channels employed by Zeus are email and the drive-by-download technique, using different exploit packs, of which one of the best known is Luckysploit, or vulnerable sites implanted with malware kits such as ElFiesta, it is extremely important to block the domains and IP addresses that I have outlined.
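One way to turn an indicator list of this kind into block entries, as an added example that is not code from the original post: the Python below deduplicates IP addresses and domains and groups domains by the server that hosts them, since one address can serve several domains. It assumes each entry is an optional hosting IP followed by a host/path (with or without a scheme, and with a space before the file extension); the function names are hypothetical and the sample entries are constructed from documentation ranges.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample entries (documentation IPs, reserved .example names), not from the post.
SAMPLE = """\
192.0.2.10 bad.example/foto/body .jpg
192.0.2.10 other.example/utility/config .bin
198.51.100.7/rot/load .exe
http://other.example/utility/config .bin
payload.example/z12/loader .exe
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_entry(line):
    """Return (ip, host) for one line; either may be None. None for blank lines."""
    tokens = line.split()
    if not tokens:
        return None
    ip = None
    if is_ip(tokens[0]) and len(tokens) > 1:   # leading bare IP = hosting server
        ip, tokens = tokens[0], tokens[1:]
    url = tokens[0]                             # trailing " .exe" token is ignored
    host = urlsplit(url if "://" in url else "//" + url).hostname
    if host and is_ip(host):                    # URL addressed by IP, no domain
        return host, None
    return ip, host

def build_blocklist(text):
    """Return (sorted ips, sorted domains, {ip: set of domains it hosts})."""
    ips, domains, by_ip = set(), set(), defaultdict(set)
    for entry in filter(None, map(parse_entry, text.splitlines())):
        ip, host = entry
        if ip:
            ips.add(ip)
        if host:
            domains.add(host)
            if ip:
                by_ip[ip].add(host)
    return sorted(ips), sorted(domains), dict(by_ip)

def hosts_file(domains):
    return "\n".join(f"0.0.0.0 {d}" for d in domains)
```

The `hosts_file` output sinkholes the domains on a single machine; the IP list is meant for a perimeter firewall or proxy deny rule.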

Related Information

Zeus botnet. Mass propagation of trojan. Part one

# Jorge Mieres
