Posted by laurenbcloseAuthor: laurenb Name: Lauren Boutette
Email: laurenb@interwork.com
Site: http://www.interwork.com
About: See Authors Posts (164) @ Wed, 30 Mar 2011 12:51:37 -0400

Study conducted by David Sancho and Rainer Link (Senior Threat Researchers)

In February 2011, Trend successfully collaborated with a registrar to gain control of a ZeuS botnet command-and-control (C&C) server, thereby rendering it ineffective. Their success gave them the opportunity to capture valuable research information about the bot (compromised computer) types under its control.

ZeuS is a notorious crimeware toolkit that is prolifically used by cybercriminals to instigate monetary and online banking information theft.

ZeuS does not, however, refer to a single botnet. Instead, it refers to a collection of botnets created and controlled by multiple cybercriminals using variations of the same toolkit and malware family—ZeuS.

The information they collected will help them in their mission to better protect users while providing valuable insights into the types of information cybercriminals steal.

Sinkholing Results

In their sinkholing activity, they found that over 95 percent of the inbound requests to the C&C server came from South America, particularly from Mexico. This indicates that the bot may have originated from Latin America or was created using the Spanish language. Its creator may have decided to target banks in Mexico and Chile as well, as these often still used single-factor authentication to secure their customers’ accounts.

While this particular botnet targeted Mexico, it’s worth noting that there is at least one comparable botnet targeting every major developed nation in the world.

Of course, some countries are more likely to be targeted than others—population, Internet access, language, social trends, and other factors have an effect. Remember, all that stands between a cybercriminal and a botnet targeting a country of his choice is a few hundred dollars worth of toolkits.

For further information regarding the data Trend Micro analyzed and how they successfully sinkholed this botnet’s C&C server, read their technical paper, “Sinkholing Botnets.”

Search

Recent Posts

• What’s next OpenText?
• WatchGuard Receives Information Technology Industry’s “2012 World’s Best” Award for Security Hardware
• Attachmate Verastream helps Freightliner become a 21st century logistics company
• Aastra 6750i Series - Hardware Overview
• VASCO DIGIPASS as a Service for SalesForce.com

Categories

• Aastra
• Active Directory
• Android
• Application Control
• Asset Management
• Attachmate
• Authentication
• Beyond Security
• Call Recording
• Circadence
• Cloud Computing
• Cloud Storage
• CMS Products
• Collaboration
• CompTIA
• Connectivity
• CTERA
• Cyberoam
• Data Loss Prevention
• Data Security
• Desktop Management
• EdgeWave
• Email
• End Point
• Energy Efficiency
• Exchange Server Solutions
• Firewall
• ICOS Technology
• Ingate
• Ingate Systems
• Instant Messaging
• Integration
• Internet Content
• interwork
• IP PBX
• IP Phones
• Jabra
• Medical Imaging
• microsoft
• my.interwork.com
• Network Management
• NovaStor
• novell
• Open Text
• Panda Security
• PoE Switches
• Polycom
• Positron
• promotions
• Reporting
• Route Analytics
• Sangoma
• SC Magazine
• Scale Computing
• ScriptLogic
• SIP Trunking
• snom technology
• Storage
• Storage Protection
• Sustainability
• Switches & Gateways
• Systems Management
• Terminal Emulation
• trend micro
• UM Labs
• Uncategorized
• Unified Messaging
• UTM
• Vasco
• Veba
• Verba
• virtualization
• Virtualization Security
• Voice Over IP
• Voice Transcoding
• VoIP
• WAN Optimization
• WatchGuard
• Web Analytics
• XTM

Archives

• May 2012
• April 2012
• March 2012
• February 2012
• January 2012
• December 2011
• November 2011
• October 2011
• September 2011
• August 2011
• July 2011
• June 2011
• May 2011
• April 2011
• March 2011
• February 2011
• January 2011
• December 2010
• November 2010
• October 2010
• August 2010
• July 2010
• June 2010
• May 2010
• April 2010
• March 2010
• February 2010
• January 2010
• December 2009
• November 2009
• October 2009
• September 2009
• August 2009
• July 2009
• June 2009
• May 2009
• April 2009
• March 2009
• February 2009
• December 2008
• November 2008
• September 2008