Difference between revisions of "ZeuS – P2P+DGA variant – mapping out and understanding the threat"
m (Text replacement - " www.cert.pl" to "") |
|||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Type=Blogpost | |Type=Blogpost | ||
|Link=http://www.cert.pl/news/4711/langswitch_lang/en | |Link=http://www.cert.pl/news/4711/langswitch_lang/en | ||
|Author=CERT Polska Blog | |Author=CERT Polska Blog | ||
|NomRevue=CERT Polska Blog | |NomRevue=CERT Polska Blog |
Latest revision as of 22:52, 5 August 2015
ZeuS – P2P+DGA variant – mapping out and understanding the threat | |
---|---|
Botnet | ZeuS - P2P+DGA, ZeuS |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-01-04 |
Editor/Conference | CERT Polska |
Link | http://www.cert.pl/news/4711/langswitch_lang/en (Archive copy) |
Author | CERT Polska Blog |
Type | Blogpost |
Abstract
“In the autumn of 2011 we observed new malware infections, which looked similar to ZeuS. Subsequent analysis of the malicious software mechanism start up, the process of hiding and storing of configuration indeed verified that it was ZeuS. However, monitoring of infected machines failed to uncover the characteristic communication with a C&C. After closer examination it appeared that the sample was probably a new version based on the source code of ZeuS that was accidentally made public.”
Bibtex
@misc{2012BFR804,
  editor = {CERT Polska},
  author = {CERT Polska Blog},
  title = {ZeuS – P2P+DGA variant – mapping out and understanding the threat},
  date = {04},
  month = Jan,
  year = {2012},
  howpublished = {\url{http://www.cert.pl/news/4711/langswitch_lang/en}},
}