zeus
Murofet, Zeus++ or just Zeus 2.1?
Fri, 10/15/2010 - 11:09 — guido.landiThe first one writing about this new threat was Marco Giuliani. So, Murofet or Zeus++?
Taking a look at a couple of samples we were able to identify:
- Same API hooks
- Same encryption routine for configuration file (RC4)
- Pretty much the same configuration file format
Trojan Carberp
Mon, 10/11/2010 - 12:16 — guido.landiI'm interested in infostealers and specifically in banking-trojans so I didn't want to miss this one. Samples of Carberp are floating around at least since last spring but in late September we saw such numbers increasing.
Taking a look at how Carberp hooks API it looks like yet another Zeus "clone". What I found interesting is how it hooks system calls. This is how a normal syscall looks like
We are a 501c3 non-profit, all volunteer organization. Consider donating to support our forensic challenges, tools development, and research.