What is the Zeus malware?
Zeus, ZeuS, or Zbot is a trojan malware package that attackers use to steal users’ sensitive data, especially banking credentials, causing heavy financial losses to the victims. This malware was first identified in July 2007 and has become more widespread since 2009. Attackers use it to create a botnet and then use that botnet to steal the victims’ banking credentials.
How does the Zeus malware infect a computer?
Zeus is one of the most widely known and notorious pieces of malware, used by attackers to create a botnet that silently harvests the victims’ financial data and sends it back to the attackers. Zeus is the name of a malware toolkit that is widely distributed and used by underworld miscreants to create information-stealing trojans.
A Zeus malware toolkit typically has the following components:
- Builder
- Configuration File
- Exe File
- Server
Builder
The builder is used by the miscreants to create the malware executable file and the configuration file. The malware usually uses an encryption mechanism to obfuscate itself.
Configuration File
The configuration file is downloaded when the malware executable runs. Among other things, it contains the following information:
- URL from which the Zeus executable will be downloaded
- URL to which the stolen data of victims will be sent back
- A set of IP/domain pairs that will be written into the hosts file of the infected computer to hijack the victim’s DNS requests
This configuration file is typically stored on the attackers’ server. The bot periodically queries the server to retrieve the information contained in the configuration file. A bot owner may upload a new configuration file to the server at any time to change the configuration.
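The IP/domain pairs written into the hosts file are something a defender can check for directly. The following is an added example, not code from the Zeus toolkit or from this article: it audits hosts-file text for names pinned to non-local addresses. The sample file, the watchlist domain and the function name `audit_hosts` are all constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (all names and addresses are made up).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example    # local sinkhole, not a redirect
10.20.0.5       intranet.corp.example
203.0.113.45    www.bank.example login.bank.example
198.51.100.7    WWW.Shop.Example.      # trailing dot and mixed case
not-an-ip       broken.example
"""

WATCHLIST = {"bank.example"}  # hypothetical domains the organisation cares most about
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_hosts(text, watchlist=WATCHLIST):
    """Return one finding per hostname that is pinned to a non-local address."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()     # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank or malformed line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP address
        if addr.is_loopback or addr.is_unspecified:
            continue                              # resolves locally, no traffic is redirected
        for name in fields[1:]:                   # one line may pin several names
            host = name.rstrip(".").lower()
            findings.append({
                "line": lineno, "host": host, "address": str(addr),
                "internal": any(addr in net for net in RFC1918),
                "watched": any(host == d or host.endswith("." + d) for d in watchlist),
            })
    # Watched domains first, then external addresses before internal ones.
    findings.sort(key=lambda f: (not f["watched"], f["internal"], f["line"]))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed in is `C:\Windows\System32\drivers\etc\hosts`; entries flagged as `internal` are often legitimate in corporate environments and need review rather than automatic removal.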
Exe File
Different underworld botnet customers who use the same version of the Zeus toolkit typically have the same …