New ZeuS 1.x variant discovered- Is this the missing link?

2010
09.13

New ZeuS 1.x variant discovered- Is this the missing link?

Categoria: Botnet, Malware / Tag: Financial Botnet, zeus / Aggiungi un commento

[..]

According to their respective configuration files, the versions of these samples are 1.3.7.0 and 1.4.1.3. Let’s see the most relevant differences in comparison with the most common versions:

[..]

– Encrypted connection. Both the downloading of the configuration file and access to the control panel are made through SSL connection. This is new; both 1.x and 2.x perform an HTTP connection in plain text, sending the encrypted data along with their respective algorithms.

– Change of encryption. The encryption used is the RC4 seen to date, but with a slight change in its “step”. It doesn’t use the xor encryption layer used by versions 2.x

[..]

The Italian Honey Project

New ZeuS 1.x variant discovered- Is this the missing link?

Correlati

Nessun commento.

Il tuo commento

Meta

Related Web Site

Suggested Links

Honeynet.org Main Blog

Categorie

Archivi

Supporters

The Italian Honey Project

New ZeuS 1.x variant discovered- Is this the missing link?

Share this:

Correlati

Nessun commento.

Il tuo commento

Meta

Related Web Site

Suggested Links

Honeynet.org Main Blog

Categorie

Archivi

Supporters