SpyEye and Zeus cybercriminals DDoS blast web security services

10 March 2011

It looks like the battle between the cybercriminals behind the recently twinned SpyEye and Zeus malware and the IT security industry is being won by the good guys/girls, as the developers behind the two trojan/botnet darkware applications are reportedly very frustrated with the success of ZeusTracker and SpyEyeTracker.

Security researcher Brian Krebs reports that Roman Hüssy's two sites - ZeusTracker and SpyEyeTracker - are having some success in assisting ISPs and companies to block infected machines from communicating with the Command & Control servers that control the botnet swarms.

Hüssy's sites, says the former Washington Post reporter, have been hit with countless distributed denial-of-service (DDoS) attacks from botmasters, apparently retaliating for having their network infrastructure listed by these services.

"At one point, someone wrote a fake suicide in Hüssy's name and distributed it to his family and friends, prompting local police to rouse him from slumber to investigate his well-being. But, those attacks haven't deterred Hüssy or sidelined his services", he notes.

And now, says Krebs, the attackers are beginning to consider stealthier and more diabolical ways to strike back.

"A series of discussions on an uber-exclusive Russian language forum that caters to identity and credit card thieves reveal that botmasters are becoming impatient in their search for a solution that puts Hüssy and/or his tracking services out of commission once and for all", he said in his latest security blog.

Krebs says that he caught up with Hüssy via instant message earlier this week and asked whether he'd seen any SpyEye or ZeuS configuration files seeded with legitimate sites. "He just laughed."

"ZeusTracker checks if a command and control server is really up before adding it to the blocklist," Hüssy told the security researcher. "These guys have no clue how ZeusTracker works."

Krebs quotes one potentially cybercriminal poster on the Russian security forum as "wryly noting that having ZeusTracker and SpyEyeTracker around isn't all bad, because it tends to do a good job of killing off botnets run by novice hackers who don't know to watch out for the services."
