ZeuS – P2P+DGA variant – mapping out and understanding the threat
Revision as of 22:52, 5 August 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " www.cert.pl" to "")
ZeuS – P2P+DGA variant – mapping out and understanding the threat | |
---|---|
Botnet | ZeuS - P2P+DGA, ZeuS |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2012 / 2012-01-04 |
Editor/Conference | CERT Polska |
Link | http://www.cert.pl/news/4711/langswitch_lang/en (Archive copy) |
Author | CERT Polska Blog |
Type | Blogpost |
Abstract
“In the autumn of 2011 we observed new malware infections, which looked similar to ZeuS. Subsequent analysis of the malicious software mechanism start up, the process of hiding and storing of configuration indeed verified that it was ZeuS. However, monitoring of infected machines failed to uncover the characteristic communication with a C&C. After closer examination it appeared that the sample was probably a new version based on the source code of ZeuS that was accidentally made public.”
Bibtex
@misc{2012BFR804,
  editor = {CERT Polska},
  author = {CERT Polska Blog},
  title = {ZeuS – P2P+DGA variant – mapping out and understanding the threat},
  date = {04},
  month = Jan,
  year = {2012},
  howpublished = {\url{http://www.cert.pl/news/4711/langswitch_lang/en}},
}