Results 1 to 1 of 1
-
12th Jun 2014, 12:18 PM #1
ZeuS Replacement Found in Underground Forums
Called Pandemiya, the new Trojan has been coded from scratch in about a year and includes protective measures to avoid detection by automated network analyzers.
Researchers at RSA Security reveal that Pandemiya is currently advertised on the cyber black market for the price of $1,500 (1,100 EUR); this is only for the core application, and a complete package, with additional functions provided by plug-in components, costs $2,000 (1,480 EUR).
Although it shares plenty of features with the infamous ZeuS, this is not one of its variants, as all the lines of code (over 25,000) are original.
The threat is designed to allow the botmaster to spy on an infected system and get form data and login credentials, as well as take snapshots of the screen.
Additional sensitive information can be obtained by injecting fake pages into the web browser (Google Chrome, Internet Explorer or Mozilla Firefox), thus tricking the victims into providing the details themselves.
Data gathered from the infected machine is sent to the control server in an encrypted form, using dynamic content and URI as an evasive measure against network analyzers.
According to RSA, among the default features included in Pandemiya there is “signing of the botnet files to protect them from being hijacked by other fraudsters, and from being analyzed by security analysts or law enforcement.”
However, the core functionality can be expanded through plug-in components that provide reverse proxy, FTP stealing and PE infecting capabilities.
Additional add-ons, currently in experimental stage, include a reverse hidden RDP and a Facebook spreader. The latter relies on Facebook credentials stolen from the victim to spread malicious links to friends.
Stopping the activity of the infection is not too difficult, as RSA says that the threat creates an executable file under “Application Data” folder and a new value for it in the HKEY_LOCAL_USER\Software\Microsoft\Windows\Current Version\Run registry key.
Next in the installation process is placing a DLL with a random name in the System32 folder and creating a registry value for it in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Contro l\Session Manager\AppCertDlls.
One peculiarity noted by the RSA researchers is that the last installation step “uses a not-so-well documented Windows security function – Windows will make every process run through the CreateProcess API, and load all of the DLLs under this registry key. Pandemiya makes use of this to inject itself into every new process that is initiated.”
At the moment, Pandemiya has not risen in popularity, but considering that law enforcement and security firms focus on ZeuS variants, the threat’s modular architecture could boost its distribution.
Kepler Reviewed by Kepler on . ZeuS Replacement Found in Underground Forums http://i.imgur.com/G9QCeq9.png Called Pandemiya, the new Trojan has been coded from scratch in about a year and includes protective measures to avoid detection by automated network analyzers. Researchers at RSA Security reveal that Pandemiya is currently advertised on the cyber black market for the price of $1,500 (1,100 EUR); this is only for the core application, and a complete package, with additional functions provided by plug-in components, costs $2,000 (1,480 EUR). Rating: 5
Sponsored Links
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Similar Threads
-
Need Someone to Be my partner In new Forum
By nolimit in forum Community CooperativeReplies: 7Last Post: 19th Aug 2009, 10:31 AM -
Post in this forum no rules!!
By ravi_4289 in forum Community CooperativeReplies: 0Last Post: 19th Jul 2009, 10:19 AM -
would you hide links in your forum?
By hscorp in forum Webmaster DiscussionReplies: 13Last Post: 26th Mar 2009, 05:10 PM -
[WTS] Banners (460x60/ 720x90) and Text Links in Warez Forum
By Harshadewa in forum Completed TransactionsReplies: 5Last Post: 10th Nov 2008, 07:26 PM -
Any bugs or errors in my forum?
By Vovachka in forum Webmaster DiscussionReplies: 13Last Post: 2nd Feb 2008, 11:47 PM
themaManager - edit and manage...
Version 4.04 released. Open older version (or...