zeus

Response to "How Microsoft Appointed Itself Sheriff of the Internet" (Part 2)

In the first part of this two part blog post, the issue of anticipating retaliation during an aggressive battle to wrest control of a DDoS botnet was examined. In this part, the issues of dual standards, taking responsibility, and learning lessons to make positive change over time are examined.
 
Read full post here...

Murofet, Zeus++ or just Zeus 2.1?

The first one writing about this new threat was Marco Giuliani. So, Murofet or Zeus++?

Taking a look at a couple of samples we were able to identify:
- Same API hooks
- Same encryption routine for configuration file (RC4)
- Pretty much the same configuration file format

Trojan Carberp

I'm interested in infostealers and specifically in banking-trojans so I didn't want to miss this one. Samples of Carberp are floating around at least since last spring but in late September we saw such numbers increasing.

Taking a look at how Carberp hooks API it looks like yet another Zeus "clone". What I found interesting is how it hooks system calls. This is how a normal syscall looks like

MOV EAX,0xce                     // ZwResumeThread syscall id

Syndicate content