New Version Of Zeus Leverages Peer-To-Peer Technology

Published: 22/11/2024   Category: security



Update could make it more difficult to take down fraud operations, researcher says



The popular Zeus malware has been enhanced with a peer-to-peer technology that allows it to receive orders without going through a central command-and-control (C&C) server -- an enhancement that could make it harder to track and take down, researchers say.
According to news reports, the new version of the Murofet ZeuS variant could make it harder for researchers and law enforcement to disrupt botnets by finding and disrupting their C&C servers.
"As with any set of tools, many different things can be built or modified -- and so it goes with the latest variant of Zeus to make the rounds," says Andy Hayter, anti-malcode program manager at ICSA Labs, which tests security products. Going from random creation of domain names, this new variant uses hard-coded IP addresses to help spread, update, and infect additional computers.
The new Zeus malware is designed to attack online banking customers with the intent of stealing their data, experts said. With the growing popularity of mobile banking applications, portable devices could be a key target.
"Zeus is the flagship of mobile malware," says Tom Kellermann, CTO at mobile security vendor AirPatrol. "Zeus is ushering in the era of mobile attacks because of the mobile banking phenomenon. This should serve as a cautionary tale to the financial sector. The bank robbers of 2011 have commandeered your armored truck."
Since it now uses P2P, Murofet no longer uses a static URL to download binary updates and configuration files, researchers and news reports say. But it still uses a central domain, so while the new version might be harder to track, it's not unbeatable, they say.
"P2P functionality makes [the new variant] much more resilient to takedown efforts and gives its controllers flexibility in how they run their fraud operations," says Swiss researcher Roman Hussy, in his blog.
Hussy, who has created services that track Zeus and SpyEye, says it's unlikely that the new variant will become a popular item for sale on the black market.
"So are we talking about a new Zeus version, which we will see being sold in the underground soon? I don’t think so," Hussy's blog says. "This seems to be just another custom build. But there is one thing that makes this custom build unique: This build is much more sophisticated than all other Zeus builds I’ve seen before."
