Home Business IT Security Zeusbot goes P2P to avoid blocking efforts
Get all your tech news delivered to your mail box five days a week
iTWire UPDATE - it's FREE!


A variant of the Zeusbot/Spyeye malware has done away with the need for a command and control server, presenting a challenge for future takedown efforts.

Symantec has warned that a variant of the Zeusbot/Spyeye malware has done away with the need for a command and control (C&C) server, with that function now being performed by the botnet itself in a peer-to-peer (P2P) manner.

Previously, P2P was used to communicate between bots any change in the C&C server's URL. Other techniques have also been used, such as programmatically determining the URLs to be used on particular dates in the event that a bot loses contact completely.

Legally-approved takedowns of C&C servers, or merely blocking access to them, has proved successful in putting a crimp in the activities of the botherders. In also provided a lead in the identification of those responsible.

The move to greater use of P2P eliminates the possibility of takedowns (even if we were prepared to tolerate the takedown of any infected computer - at least until it had been disinfected - the widespread use of DHCP means there would be a risk of taking unaffected computers offline) and makes it harder to identify the miscreants. Symantec has not yet determined how data stolen by the new botnet reaches the attacker, but has not ruled out the possibility of a C&C server for that purpose.

Other changes noted by Symantec include a greater use of UDP instead of TCP to make it harder to track and dump data exchanges, and alterations to the compression and encryption used. In addition, the Zeus bot has been found distributing additional malware.

The company warns that "Zeus's main infection vector is emails containing malicious attachments, pretending to look like documents." So be cautious, and don't open attachments from unknown sources.

ITWIRE SERIES - REVENUE-CRITICAL APPS UNDERPERFORMING?

Avoid War Room Scenarios and improve handling of critical application problems:

• Track all transactions, end-to-end, all the time and know what your users experience 24/7

• View code level details with context and repair problems quickly

• Fix problems in minutes before they wreak havoc

• Optimize your most important applications, Java, .NET, PHP, C/C++ and many more

Start your free trial today!

CLICK FOR FREE TRIAL!

ITWIRE SERIES - IS YOUR BACKUP STRATEGY COSTING YOU CLIENTS?

Where are your clients backing up to right now?

Is your DR strategy as advanced as the rest of your service portfolio?

What areas of your business could be improved if you outsourced your backups to a trusted source?

Read the industry whitepaper and discover where to turn to for managed backup

FIND OUT MORE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.

Connect