ZeuS

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

ZeuS
Alias
Group	Banking
Parent
Sibling
Family
Relations	Variants: Sibling of: Parent of: Chthonic, Citadel, Floki, Gameover, IceIX, JabberZeuS, Murofet, Ramnit, Skynet Distribution of: Campaigns:
Target	Microsoft Windows
Origin
Distribution vector
UserAgent
CCProtocol	HTTP (Centralized)
Activity	2006 /
Status
Language
Programming language
Operation/Working group	Operation b71

Introduction

ZeuS est un cheval de Troie qui dérobe des informations bancaires par enregistrement de frappe et récupération de formulaire.

Début mai 2011, le code source de la version 2.0.8.9 a été rendu public. La publication de la source a permis de sortir des variantes du cheval de troie. La première variante observée a été IceIX vendu 1800$.

Descendance: IceIX, Citadel, Gameover, Murofet/Licat

Features

Associated images

Checksums / AV databases

Publications

	Author	Editor	Year
An interesting case of JRE sandbox breach (CVE-2012-0507)	Jeong Wook (Matt) Oh Chun Feng	Microsoft	2012
Anonymous supporters tricked into installing ZeuS trojan		Symantec	2012
Avalanche phishers migrate to ZeuS	Linda McGlasson	Bankinfo security	2010
Battling the Zbot threat	Joe Faulhaber Paul Henry Frank Simorjay Holly Stewart T.J. Campana Matt McCormack	Microsoft	2010
Bredolab botmaster ‘Birdie’ still at large	Brian Krebs	Krebs on Security	2012
Carberp: Silent trojan, eventual successor to ZeuS	Carlos Zevallos	InfoSpyware	2011
Cracking into the new P2P variant of Zeusbot/Spyeye	Andrea Lelli	Symantec	2011
DGAs and cyber-criminals: a case study	Manos Antonakakis Jeremy Demar Christopher Elisan John Jerrim	Damballa
Going solo: self-propagating ZBOT malware spotted	Abigail Pichel Joie Salvio Alvin Bacani	Trend Micro	2013
Harnig botnet: a retreating army	Atif Mushtaq	FireEye	2011
Malware Memory Analysis - Volatility	Basement Tech	Basement PC Tech	2012
Massive Drop in number of active Zeus C&C servers		Abuse.ch	2010
Microsoft and financial services industry leaders target cybercriminal operations from ZeuS botnets	Richard Domingues Boscovich	Microsoft	2012
New IceIX (ZeuS variant) changes its encryption method (again)	Andreas Baumhof	TrustDefender Labs	2011
Now you Z-(eus) it, now you don’t: ZeuS bots silently upgraded to Citadel		RSA	2012
On botnets that use DNS for command and control	Felix C. Freiling Christian J. Dietrich Christian Rossow Herbert Bos Maarten van Steen Norbert Pohlmann	Institute for Internet Security University of Applied Sciences Gelsenkirchen Gelsenkirchen, Germany	2011
On the analysis of the ZeuS botnet crimeware toolkit	Hamad Binsalleeh Thomas Ormerod Amine Boukhtouta Prosenjit Sinha Amr M. Youssef Mourad Debbabi Lingyu Wang		2010
Overview: inside the ZeuS trojan’s source code	Steve Ragan	The Tech Herald	2011
Panda Security uncovers bot-killing malware	Brian Prince	Wired Business Media	2012
Playing cops & robbers with banks & browsers	Fred Gutierrez	Symantec	2012
Relentless Zbot and anti-emulations	Anoirel Issa	Symantec	2012
SIM-ple: mobile handsets are weak link in latest online banking fraud scheme	Amit Klein	Trusteer	2012
SIRv12	Joe Faulhaber David Felstead Paul Henry Jeff Jones Jimmy Kuo Marc Lauricella Dave Probert Tim Rains Frank Simorjay Holly Stewart Matt Thomlinson Scott Wu Terry Zink Dennis Batchelder Shah Bawany Joe Blackbird Eve Blakemore Sarmad Fayyaz Nitin Kumar Goel Ken Malcolmson Nam Ng Mark Oram Daryl Pecelj	Microsoft	2012
SpyEye being kicked to the curb by its customers?	Sean Bodmer	Damballa	2012
The Cridex trojan targets 137 financial organizations in one go	Daniel Chechik	M86 Security Labs	2012
The evolution of webinjects	Jean-Ian Boutin	Virus Bulletin	2014
Top 50 bad hosts & networks 2011 Q4	Jart Armin Steve Burn Greg Feezel David Glosser Niels Groeneveld Tim Karpinsky Bogdan Vovchenko Will Rogofsky Philip Stranger Bryn Thompson	HostExploit	2012
Torpig - Back to the future or how the most sophisticated trojan in 2008 reinvents itself	Andreas Baumhof	Andreas Baumhof	2011
Zeroing in on malware propagation methods	Joe Faulhaber David Felstead Paul Henry Jeff Jones Ellen Cram Kowalczyk Jimmy Kuo John Lambert Marc Lauricella Aaron Margosis Michelle Meyer Anurag Pandit Anthony Penta Dave Probert Tim Rains Mark E. Russinovich Weijuan Shi Adam Shostack Frank Simorjay Hemanth Srinivasan Holly Stewart Matt Thomlinson Jeff Williams Scott Wu Terry Zink	Microsoft	2011
ZeuS ransomware feature: win unlock	Mikko S. Marko	F-Secure	2012
ZeuS v2 Malware Analysis - Part II	Patrick Olsen	System Forensics	2012
ZeuS – P2P+DGA variant – mapping out and understanding the threat	CERT Polska Blog	CERT Polska	2012
ZeuS: me talk pretty Finnish one day		F-Secure	2012
ZeuSbot/Spyeye P2P updated, fortifying the botnet	Andrea Lelli	Symantec	2012

Graph Slavik "Harderman"

Vente du code source sur un forum

File:ZeuS.PNG

ZeuS v2.0.8.9

File:Builder ICE IX.jpg

IceIX v1.0.5

Liens externes