Bozvanovna ZeuS Botnet

Any research, news or information regarding the wide variety of techniques criminals use to take over your computers or web servers.

Post by meep » Wed Dec 22, 2010 1:53 pm

From our friend at abuse.ch


The Bozvanovna ZeuS Botnet
Published by admin on December 21, 2010
in Malware & Virus Analysing and ZeuS Tracker
Tags: AS29106, Bozvanovna Botnet, bozvanovna.com, VolgaHost, ZeuS.

This week I’ve taken the opportunity to take a closer look at the current ZeuS campaigns. A few of them keep popping up again and again, so I’ve tried to get some more information about those botnets, their targets as well as the infrastructure that the cybercriminals are using.

In this first blog post I will talk about a ZeuS botnet which I call the “Bozvanovna Botnet”, which is being spread using drive-by exploits (hopefully I will find the time to blog about the other botnets that I’ve found too…).

First of all, let’s take a look at the botnet Command & Control infrastructure: The cybercriminals have registered a pretty large number of domains to serve ZeuS configs and binaries as well as to provide a dropzone for the infected clients (bots) to upload the stolen information. The reason for this is pretty simple: In most cases the domains that get listed on ZeuS Tracker will get nuked quickly. Then the cybercriminals have to register new domains every time the old domains get suspended. ...