The authors of a recent Zeus Trojan exploit, which targeted federal taxpayers, also set up a special honeypot trap for researchers who might investigate the attack. They set up a phony "administrative panel" that fed the researchers fake statistics on the number of Zeus-infected machines, as well as fake "botnet" software that actually gathered intelligence on any researcher who downloaded it. But wait, it gets better!
In addition to trapping researchers, the honeypot also targeted other botnet competitors, gathering information about them for later use too. So it turns out that there is no "honor among thieves". Who could have guessed?
According to an article on DarkReading.com by Kelly Jackson Higgins,
"Brett Stone-Gross, a researcher with The Last Line of Defense, discovered that attackers had set up a ruse for those trying to hack or access its administrative interface for the malware after studying the back-end malware server used in the EFTPS attack. The purpose appeared to be all about providing false information. Stone-Gross says the toolkit used in the attack came with an administrative interface that acts as a hacker's honeypot of sorts, gathering intelligence about the researchers or other users who try to access the console login or hack into it.
The login system to the "admin panel" practically begs to be hacked: It accepts default and easily guessed passwords as well as common SQL injection strings, according to Stone-Gross."
In other words, they made it easy to break into, but not so easy as to be obvious. Looks like at least one botnet crime group has been taking a Marketing course.
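As an added illustration of the mechanism the quoted passage describes (this is not code from the article or from the toolkit it discusses), here is a minimal decoy login handler: it "accepts" default credentials and classic SQL-injection strings and records who sent them, which is how such a panel fingerprints whoever pokes at it. Read from the researcher's side, the same check is a warning sign: a console that opens to admin/admin deserves suspicion rather than trust. The credential list, injection patterns, and sample client details are constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed list of "too easy" credentials a decoy panel would accept.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Constructed patterns for common injection strings submitted to login forms.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.I),   # ' OR '1'='1
    re.compile(r"--\s*$"),                            # trailing comment
    re.compile(r";\s*drop\s+table", re.I),            # stacked statement
]


@dataclass
class ProbeRecord:
    """What the decoy learns about a visitor who takes the bait."""
    source_ip: str
    user_agent: str
    username: str
    password: str
    trigger: str  # which lure the visitor tripped


@dataclass
class DecoyLogin:
    records: list = field(default_factory=list)

    def classify(self, username: str, password: str):
        """Return the lure the submission matches, or None for a normal login."""
        if (username, password) in DEFAULT_CREDENTIALS:
            return "default-credentials"
        for pat in SQLI_PATTERNS:
            if pat.search(username) or pat.search(password):
                return "sql-injection-string"
        return None

    def attempt(self, source_ip: str, user_agent: str, username: str, password: str) -> bool:
        """Grant access only to lure submissions, recording the visitor each time."""
        trigger = self.classify(username, password)
        if trigger is None:
            return False  # a genuine-looking login gets nothing from the decoy
        self.records.append(ProbeRecord(source_ip, user_agent, username, password, trigger))
        return True


if __name__ == "__main__":
    decoy = DecoyLogin()
    decoy.attempt("198.51.100.7", "curl/8.0", "admin", "admin")          # constructed client
    decoy.attempt("203.0.113.9", "python-requests", "' OR '1'='1", "x")  # constructed client
    for rec in decoy.records:
        print(rec)
```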