Home Business IT Security Zeusbot goes P2P to avoid blocking efforts

A variant of the Zeusbot/Spyeye malware has done away with the need for a command and control server, presenting a challenge for future takedown efforts.

Symantec has warned that a variant of the Zeusbot/Spyeye malware has done away with the need for a command and control (C&C) server, with that function now being performed by the botnet itself in a peer-to-peer (P2P) manner.

Previously, P2P was used to communicate between bots any change in the C&C server's URL. Other techniques have also been used, such as programmatically determining the URLs to be used on particular dates in the event that a bot loses contact completely.

Legally-approved takedowns of C&C servers, or merely blocking access to them, has proved successful in putting a crimp in the activities of the botherders. In also provided a lead in the identification of those responsible.

The move to greater use of P2P eliminates the possibility of takedowns (even if we were prepared to tolerate the takedown of any infected computer - at least until it had been disinfected - the widespread use of DHCP means there would be a risk of taking unaffected computers offline) and makes it harder to identify the miscreants. Symantec has not yet determined how data stolen by the new botnet reaches the attacker, but has not ruled out the possibility of a C&C server for that purpose.

Other changes noted by Symantec include a greater use of UDP instead of TCP to make it harder to track and dump data exchanges, and alterations to the compression and encryption used. In addition, the Zeus bot has been found distributing additional malware.

The company warns that "Zeus's main infection vector is emails containing malicious attachments, pretending to look like documents." So be cautious, and don't open attachments from unknown sources.


Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.