Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel
Revision as of 21:26, 25 November 2012 by Eric.freyssinet (talk | contribs) (Eric.freyssinet a déplacé la page Now you Z-(eus) it, now you don’t: Zeus bots silently upgraded to Citadel vers Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel sans laisser de redirection : Remplacement du text...)
(Publication) Google search: [1]
Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel | |
---|---|
Botnet | ZeuS, Citadel |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 22 mars 2012 |
Editor/Conference | RSA |
Link | http://blogs.rsa.com/rsafarl/now-you-z-eus-it-now-you-don%E2%80%99t-zeus-bots-silently-upgraded-to-citadel/ blogs.rsa.com (blogs.rsa.com Archive copy) |
Author | |
Type |
Abstract
“ The FraudAction Research Lab has recently analyzed a ZeuS 2.1.0.1 variant downloading an additional Trojan into infected PCs by fetching a Citadel Trojan (think of the Borg on Star Trek). RSA is witness to many ZeuS botmasters who upgraded and moved up to Ice IX neighborhoods, and now, to yet another summer home – Citadel infrastructures.
ZeuS 2.1.0.1 is a commercially available upgrade[1] of the ZeuS 2.0.8.9 banking Trojan (which was the last “true” variant released by the original coder, Slavik and his developers team). This Trojan does not present any features much different than its predecessor.
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR955, editor = {RSA}, author = {}, title = {Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel}, date = {23}, month = Mar, year = {2012}, howpublished = {\url{http://blogs.rsa.com/rsafarl/now-you-z-eus-it-now-you-don%E2%80%99t-zeus-bots-silently-upgraded-to-citadel/ blogs.rsa.com}}, }