Distributed C2 is a feature that the malware author originally considered in the ZeuS 1.4/2.0 beta program but scrapped in the final version 2.0.x, because demand among ZeuS customers was too low to justify the significant programming and testing time. It was reintroduced in the recent distribution of the ZeuS 2.2/3.0 beta program.
The "Gameover" version of ZeuS also supports the use of complex web injections that allow the attacker to carry out Man-in-the-Browser (MITB) attacks to bypass multi-factor authentication mechanisms. The ZeuS author has also included a component for Distributed Denial of Service (DDoS) attacks.
Gameover has been used as follows: financial institutions are targeted with DDoS attacks on their online banking sites. These attacks were timed to take place shortly after some accounts belonging to those financial institutions fell victim to fraud.
These DDoS attacks provide a double distraction: on the one hand they distract the financial institution, and on the other they keep the customer from logging into their account and noticing the fraudulent activity.
Commonly affected financial accounts are business accounts that use the Automated Clearing House (ACH) service and bank transfer payment services. As reported, in some instances the stolen funds were sent by bank transfer to jewelry stores, where the criminal had arranged for someone to collect merchandise with a value equal to the amount of the transferred funds.
Translated from: Help Net Security
Source: UNAM-SSI