Copies of the Zeus builder source code found on the internet until now were compressed, encrypted files, and without the decryption password they could not be used.
As of today, it has been officially confirmed that usable source code is being shared.
The INCA Internet Emergency Response Team had already obtained the original Zeus source code on May 2, before it began spreading from May 11, and started detailed analysis and development of blocking techniques. Fortunately, when INCA Internet found the source code, the password had not yet been shared.
Because the files now being spread make it easy for anyone to decrypt the encrypted source code, variants of the Trojan horse targeting online banking will increase exponentially. In addition, the threat from botnets built from these malicious files is relatively high.
Therefore, "a comprehensive security review" is required to minimize the security threats to online banking posed by Zeus malicious files.
2. Disclosure of the decompressed Zeus source code
The following figure, captured by the INCA Internet Emergency Response Team, shows that an Indian hacker uploaded the Zeus source code to his website and posted the link, together with the encryption password, on his Twitter account. Through Twitter's retweet function, it remains available via various routes, including SNS and hacking forums.
The following figure shows the Zeus source code on a certain website.
The file can be downloaded from the shared domain we found, and the password spread on his Twitter account works as the key to the compressed file.
Based on our comparison of the source code we already held with the source code now circulating, the recently found compressed file is almost identical, excluding only the Russian document file.
In addition, when the source code is built, the Zeus Package Builder screen appears as shown below, and it can build files.
3. Zeus variant malicious files are easy to make
Zeus malicious files are detected and treated by the latest version of nProtect Anti-Virus under the diagnosis name Zbot. What is worse, similar Zbot variants are emerging and spreading, and the spread of the builder source will allow countless variants to be produced.
Furthermore, various versions of the builder are used to make malicious files.
Because the source code allows the builder tool itself to be modified to produce malicious files, blocking techniques at the source level are needed.
The following figure shows that the leaked source works. The malicious file's configuration is in the Actions section, and it can target various online banking websites.
4. How to respond
We ran a simple test using the latest malicious file built with this Zeus builder. In a password entry test on a web page, nProtect KeyCrypt, INCA Internet's keyboard security solution, protected the typed keys.
General users can hardly notice anything happening on their PCs while the malicious file spreads.
To keep PCs safe from the security threats of these malicious files, we recommend the following "Security management tips" for general users.
Security management tips
1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus software from a trustworthy security company, keep its engine updated to the latest version, and use the real-time detection function.
3. Do not open or download attached files from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
INCA Internet (Security Response Center / Emergency Response Team) provides diagnosis and treatment for malicious files such as the one described above and runs a 24-hour response system against various security threats.