Trend Micro Sinkholes and Eliminates a ZeuS Botnet C&C

  • Posted on:March 30, 2011 at 5:51 am
  • Posted in:Botnets, Malware
  • Author:
    David Sancho and Rainer Link (Senior Threat Researchers)
In February 2011, we successfully collaborated with CDMON, a registrar, to gain control of a ZeuS botnet command-and-control (C&C) server, thereby rendering it ineffective. Our success gave us the opportunity to capture valuable research information about the bot (compromised computer) types under its control.

ZeuS is a notorious crimeware toolkit that is prolifically used by cybercriminals to instigate monetary and online banking information theft.

ZeuS does not, however, refer to a single botnet. Instead, it refers to a collection of botnets created and controlled by multiple cybercriminals using variations of the same toolkit and malware family—ZeuS.

The information we collected will help us in our mission to better protect users while providing valuable insights into the types of information cybercriminals steal.

Sinkholing Results

In our sinkholing activity, we found that over 95 percent of the inbound requests to the C&C server came from South America, particularly from Mexico. This indicates that the bot may have originated from Latin America or was created using the Spanish language. Its creator may have decided to target banks in Mexico and Chile as well, as these often still used single-factor authentication to secure their customers’ accounts.

While this particular botnet targeted Mexico, it’s worth noting that there is at least one comparable botnet targeting every major developed nation in the world.

Of course, some countries are more likely to be targeted than others—population, Internet access, language, social trends, and other factors have an effect. Remember, all that stands between a cybercriminal and a botnet targeting a country of his choice is a few hundred dollars worth of toolkits.
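As an added illustration (not code from the original post or from Trend Micro), the following shows how inbound sinkhole requests can be aggregated by source country, counting unique bots separately from raw requests because every bot checks in repeatedly; the log lines, the check-in path and the prefix-to-country table are constructed stand-ins.

```python
import ipaddress
from collections import Counter

# Constructed sinkhole access-log sample: timestamp, source IP, method, path.
# Addresses are documentation ranges; "/checkin" is a made-up bot beacon path.
SINKHOLE_LOG = """\
2011-02-10T08:01:12Z 203.0.113.10 POST /checkin
2011-02-10T08:01:13Z 203.0.113.10 POST /checkin
2011-02-10T08:02:40Z 203.0.113.77 POST /checkin
2011-02-10T08:03:05Z 198.51.100.5 POST /checkin
2011-02-10T08:03:06Z 203.0.113.12 POST /checkin
2011-02-10T08:04:00Z 192.0.2.33 GET /config
2011-02-10T08:04:01Z 203.0.113.10 POST /checkin
"""

# Constructed prefix-to-country table standing in for a real GeoIP database.
GEO_TABLE = [
    (ipaddress.ip_network("203.0.113.0/24"), "MX"),
    (ipaddress.ip_network("198.51.100.0/24"), "CL"),
    (ipaddress.ip_network("192.0.2.0/24"), "US"),
]


def country_of(ip: str) -> str:
    """Longest-prefix lookup is unnecessary here: the table has no overlaps."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE:
        if addr in net:
            return cc
    return "??"  # unknown origin; keep it visible rather than dropping it


def summarize(log_text: str) -> dict:
    """Per-country request count, request share and number of distinct bots."""
    requests = Counter()
    bots = {}  # country -> set of distinct source IPs (one IP ~ one infected host)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, ip, _method, _path = line.split()
        cc = country_of(ip)
        requests[cc] += 1
        bots.setdefault(cc, set()).add(ip)
    total = sum(requests.values())
    return {
        cc: {"requests": n, "request_share": n / total, "unique_bots": len(bots[cc])}
        for cc, n in requests.items()
    }
```

Note that a NAT gateway hides many hosts behind one address, so the unique-bot figure is a lower bound; the request share, in turn, is inflated by the most talkative bots.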

For further information regarding the data we analyzed and how we successfully sinkholed this botnet’s C&C server, read our technical paper, “Sinkholing Botnets.”
