ECAT and Zeus revisited: P2P edition

Our team likes to use variants of Zeus to test and demo ECAT’s capabilities. Zeus is definitely on the mature side for a malware family, yet its authors update Zeus on a regular basis, ensuring low AV detections with the most recent variants. Zeus is not targeted malware by any means, in fact quite the…

Whitehats vs. Blackhats: Techniques of the Cybercrime Elite Trickle Down to the Public Domain

Advances made in the cybercrime world over the past year prove that the trickle-down effect does not only apply to tablet computers and space tourism. Rather, much like real world products, techniques that were once reserved for the cybercrime elite have trickled down to the public domain, bestowing low-skilled botmasters with the same research-thwarting tools that not too long ago were used solely by malware experts.

Ice IX – Zeus v2.0 Derivative Does Not Cut Any Ice

Since the Zeus source code was leaked, one of the predictions security researchers were convinced of was that independent code writers, wishing to enter the cybercrime coder’s world, would be glad to do so by using a ready-made baseline. One such code to have surfaced in underground and hacking forums soon after the code leak was the Trojan Ice IX. But is it all it is cracked up to be?

Fraudsters Point Their Guns at the Infrastructure

Warlike tactics are employed by each of the factions; security companies and financial institutions – the main defensive arm of the faction – build barricades to stop attackers. The fraudsters, on the other hand, try to outflank them by finding ways to circumvent these defenses, whether those are based on technology or on social engineering. Another tactic that is often used in real-life wars is the targeting of the enemy’s infrastructure.

Fraud News Flash: Bogus Ad for Zeus-SpyEye Hybrid Trojan published in Underground Forum

On Friday, January 14, 2011, McAfee posted a blog entry titled “Combined Zeus/SpyEye Toolkit Announced”, based on a fraud forum post by “Hardersell”, in which this individual supposedly offers the much-anticipated SpyEye-Zeus hybrid Trojan for sale. Hardersell’s comments were published in an open, low-grade Russian-speaking hacking/carding forum, making its credibility lower than the more prestigious, exclusive, closed Russian-speaking forums.

ZeusiLeaks Archives File 002: Alarm Bells

WikiLeaks, the largest leak of data the world has seen? Nonsense! Trojans like Zeus lurk on millions of personal, corporate and government PCs, stealing data 24 by 7. Everything you do online – either private or work related – is sent to a mother ship halfway across the globe.

I don’t know about you, but I was a bit disappointed with the whole WikiLeaks thingy. I mean, come on. The build up was brilliant: you would have thought we’ll finally have irrefutable evidence that a UFO landed in Roswell, that JFK’s assassination was indeed a CIA ploy, and that the 1969 moon landing was a NASA concocted hoax.