
Cybercrooks set up fake interfaces on their botnets


November 5, 2010

Some Internet hackers and cybercriminals are setting up fake interfaces on their botnets to confuse security authorities and send them on a wild goose chase. And the tactic seems to be working, at least for now.

The fake honeypot scenario was brought to light by a group using a variant of the now infamous ZeuS crimeware toolkit. The unknown criminals targeted quarterly federal taxpayers with fake emails that sought to trick prospective marks into visiting a website loaded with exploits on the pretext that there had been a problem with their tax returns.

If successful, the attack would have resulted in the infection of personal computers with variants of ZeuS primarily designed to capture and extract bank login details.

While waiting for the drop of confidential IDs from compromised computers, the evil attackers set up a trap for security researchers. A bogus administrative panel hands out counterfeit statistics on the number of ZeuS-infected machines and offers the ability to upload new bot malware, a feature designed to throw security researchers or rival botnet operators into a tailspin.

"This admin interface acts as a 'hacker honeypot' that records detailed information about who attempted to access the admin console, as well as who attempted to hack into it," the post explains.

The deployment of the fake honeypot tactic in ZeuS-related malware operations is unlikely to be coincidental. The discovery of genuine ZeuS interfaces over recent months has been a major source of raw intelligence for security researchers.

Although we can't say for sure at this point, it's even possible that this data led to the recent run of arrests of ZeuS crimeware suspects in the U.K., the U.S. and the Ukraine.

The phoney admin login accepts default or easily guessed login credentials. Just for good measure, the interface is also vulnerable to simple SQL injection.

It seems the miscreants thought of everything when they built that one.

Cybercrooks who use ZeuS as their weapon of choice for sniffing online banking credentials would doubtless be interested in frustrating this kind of research through the use of decoys. Viewed from this perspective, spying on what their opponents are up to would be a bonus for cybercrooks.

Additionally, since ZeuS is highly customizable, adding the honeypot hooks would have been no great chore.


Source: ISPNA.
