Zeus Botnet Is Likely To Increase Its Power Due To The Ease Of Obtaining The Software, As Well As The Use Of SMS, And Version 2.1
Executive Summary:
It is likely that the Zeus botnet will increase its power and continue to dominate cyberspace because of the ease of obtaining the software, the use of mobile phones (including mobile users who do their banking and handle other personal records through SMS), and the new version 2.1.
Discussion:
The ease of obtaining the software needed to download and run the Zeus botnet makes it a popular tool for committing cyber-crime.(1) The software is available on underground blogs and message boards (some of them public), where an individual may purchase the Zeus toolkit for about USD 500. This helps make Zeus popular amongst computer hackers.(2)
With new forms of the Zeus botnet appearing, its capabilities are strengthening dramatically. The botnet propels the multi-faceted attack known as Zeus MITMO, or man-in-the-mobile, a new strain of the malware.(3) Attackers are now targeting mobile phones to obtain usernames and passwords for accessing bank accounts. They do this by targeting BlackBerry and Symbian mobile phones and intercepting SMS (short message service) messages, in order to break the two-factor authentication that mobile banking customers use to access their accounts. Once they have the username and password, they wait for the bank to send the temporary two-factor access code to the victim's phone. The malware on the phone then forwards the code to the attacker, who can then access the account.(4)
What makes this new strain of the malware stronger than the last is that it does not need to rely on the earlier phishing techniques to obtain personal information. In past versions of the botnet, the attacker had to lure the victim with fake emails designed to get people to open malicious websites or attachments through some kind of social engineering scheme. Once users clicked, the Trojan was installed on their computer.(5)
Derek Manky, project manager for security threat and research at Fortinet, believes it is only a matter of time before attacks on smartphones grow exponentially. Mobile phones are increasingly used for day-to-day functions, including sharing personal information for banking. Manky is not surprised by this because more people now have data plans that include internet usage. This growth makes mobile devices a large target for attacks.(6)
Sophisticated hackers are no longer needed to conduct attacks like these. People all over the world can purchase a Zeus botnet kit in underground communities, download it to their own computer, and begin infecting others. This is one reason why the Zeus botnet is so difficult to defend against.(7)
It was reported on 20 October 2010 that a new version of Zeus, version 2.1, had been released by its authors.(8) Version 2.1 adopts the Perl Compatible Regular Expressions (PCRE) C library, which Zeus uses to match and implant regular expressions such as URLs; this makes it easier for Zeus to define its targets. Version 2.1 also generates hundreds of URLs each day, which lets the operator change the botnet's URL if one is shut down or blocked, making it harder for authorities to track and dismantle the Zeus botnet.(9)
Analytic Confidence:
Analytic confidence for this assessment is medium. Source reliability ranges from medium to high. There is some conflict between sources but no major disagreements. The analyst had low expertise, worked in a group, and used the structured analytic method of ACH (Analysis of Competing Hypotheses). The subject is moderately complex and the deadline was moderately demanding to meet.
1. http://www.symantec.com/connect/blogs/evolution-zeus-botnet (High 53.31)
2. http://www.symantec.com/connect/blogs/evolution-zeus-botnet (High 53.31)
3. http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html (High 58.98)
4. http://www.pcworld.com/businesscenter/article/206726/zeus_botnet_bust_shows_malware_is_all_about_money.htm (High 54.51)
5. http://www.symantec.com/connect/blogs/evolution-zeus-botnet (High 53.31)
6. http://www.networkworld.com/news/2010/092910-zeus-botnet-sms-banks.html (High 52.63)
7. http://www.networkworld.com/news/2010/092910-zeus-botnet-sms-banks.htm (High 52.63)
8. http://news.softpedia.com/news/Latest-ZeuS-Variant-Increases-Accuracy-with-Advanced-Regexs-162059.shtml (High 48.54)
9. http://securitywatch.eweek.com/botnets/attackers_improve_zeus_trojan_to_beat_security.html (High 56.53)