Home Business IT Security Zeusbot goes P2P to avoid blocking efforts

A variant of the Zeusbot/Spyeye malware has done away with the need for a command and control server, presenting a challenge for future takedown efforts.

Symantec has warned that a variant of the Zeusbot/Spyeye malware has done away with the need for a command and control (C&C) server, with that function now being performed by the botnet itself in a peer-to-peer (P2P) manner.

Previously, P2P was used to communicate between bots any change in the C&C server's URL. Other techniques have also been used, such as programmatically determining the URLs to be used on particular dates in the event that a bot loses contact completely.

Legally-approved takedowns of C&C servers, or merely blocking access to them, has proved successful in putting a crimp in the activities of the botherders. In also provided a lead in the identification of those responsible.

The move to greater use of P2P eliminates the possibility of takedowns (even if we were prepared to tolerate the takedown of any infected computer - at least until it had been disinfected - the widespread use of DHCP means there would be a risk of taking unaffected computers offline) and makes it harder to identify the miscreants. Symantec has not yet determined how data stolen by the new botnet reaches the attacker, but has not ruled out the possibility of a C&C server for that purpose.

Other changes noted by Symantec include a greater use of UDP instead of TCP to make it harder to track and dump data exchanges, and alterations to the compression and encryption used. In addition, the Zeus bot has been found distributing additional malware.

The company warns that "Zeus's main infection vector is emails containing malicious attachments, pretending to look like documents." So be cautious, and don't open attachments from unknown sources.


Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences, a PhD in Industrial and Business Studies, and is a senior member of the Australian Computer Society.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities