Wednesday, February 18, 2009

Zeus botnet. Mass propagation of trojan. Part one

Talking about phishing attacks or phishing kits is nothing new at this point, nor is talking about malware infection techniques, which are increasingly sophisticated and aggressive. Even so, the spread of infections and fraud continues, and it remains a business that is apparently very profitable for those behind it.

Zeus (also known as Zbot or wsnpoem) falls squarely into this category of fraudulent and malicious activity. It is basically a trojan designed to recruit zombie PCs and to carry out phishing attacks against financial institutions, banks and social networking sites, stealing authentication data for email, FTP accounts, etc., and combining scripting and exploit techniques, among others.

It is quite dangerous when we consider that, in addition to the typical actions of malware, it can be obtained by anyone who deposits a certain amount of money in its creators' account.

Perhaps this is one of the best explanations for why so many variants of Zeus are in the wild, looking for our systems to recruit as zombies. The truth is that, although it does not live up to its name, it is one of the largest botnets of the moment.

Even though that position is threatened by other "alternatives" in the botnet world such as Waledac, the recent Adrenalin, or the smaller (in magnitude) Asprox (also known as Danmec), we really must be careful not to become victims of these threats, which are always looking to carry out their mission successfully: getting our money and computing resources.

Related information
Waledac more loving than ever (Spanish version)
Danmec Bot, Fast-Flux networks and recruitment of Zombies PCs (Spanish version)


# Jorge Mieres
