Godlike Productions - Discussion Forum
Users Online Now: 1,599 (Who's On?)Visitors Today: 188,660
Pageviews Today: 349,437Threads Today: 145Posts Today: 2,275
05:27 AM


Rate this Thread

Absolute BS Crap Reasonable Nice Amazing
 

Report: Zeus Flips Kill Switch On More Than 100,000 PCs

 
falldown
Offer Upgrade

User ID: 520470
United States
05/11/2009 11:39 PM
Report Abusive Post
Report Copyright Violation
Report: Zeus Flips Kill Switch On More Than 100,000 PCs
[link to www.darkreading.com]

According to a report in Friday's Washington Post, the Zeus control server was witnessed issuing the kill command -- sometimes called the "nuclear option" -- effectively self-destructing the botnet and the PCs that helped create it. Despite the blue screen, the PCs' hard drives were not irrepairable, according to reports.

Experts agreed that many botnets have the ability to execute such a command, but they very seldom do because most live by the data and processing resources they get from their component zombie machines. Although botnets have been used to launch denial-of-service (DOS) attacks on servers or networks, there is little record of them being used to launch this sort of "blue screen" attack against their constituents.

It's possible that the botnet was attacked by a rival group, or that its operators wanted to shut down the network quickly and temporarily, experts say. Some experts even speculate that the kill command may have been triggered by mistake.

The Zeus network was hit with a number of DOS attacks following the triggering of the kill switch, and the botnet is now effectively inoperative, according to reports.
~
~
"He who does not understand your silence will probably not understand your words." ~Elbert Hubbard
Anonymous Coward
User ID: 677187
Germany
05/11/2009 11:49 PM
Report Abusive Post
Report Copyright Violation
Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs
only affected PCs were of course driven by Windows NT/2000/XP where users were on the internet while using administrative accounts.

the infection took place using exploits in Internet Explorer versions 5,6 and 7.

The bot installs itself as a rootkit which is invisible opening ports and loads code down to the pc. Once the code is operative the pc is a zombie, remote controlled for whatever reasons. It can install keyloggers and software that makes snapshots of your screen, it sends every single typed word to its author, the botnet-admin.

Once the pc is useless or in danger of being revealed it triggers its self-kill command :

the bot deletes the registry entries plus its subkeys :

HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_LOCAL_MACHINE_SYSTEM/

which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing-

that's when it can only display it's SOS signal : the Blue Screen of Death.

The only cure is a fresh new install - and hoepfully a user that has learned his lesson well..
falldown  (OP)

User ID: 520470
United States
05/12/2009 01:19 AM
Report Abusive Post
Report Copyright Violation
Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs
only affected PCs were of course driven by Windows NT/2000/XP where users were on the internet while using administrative accounts.

the infection took place using exploits in Internet Explorer versions 5,6 and 7.

The bot installs itself as a rootkit which is invisible opening ports and loads code down to the pc. Once the code is operative the pc is a zombie, remote controlled for whatever reasons. It can install keyloggers and software that makes snapshots of your screen, it sends every single typed word to its author, the botnet-admin.

Once the pc is useless or in danger of being revealed it triggers its self-kill command :

the bot deletes the registry entries plus its subkeys :

HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_LOCAL_MACHINE_SYSTEM/

which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing-

that's when it can only display it's SOS signal : the Blue Screen of Death.

The only cure is a fresh new install - and hoepfully a user that has learned his lesson well..
 Quoting: Anonymous Coward 677187

Well, technically you could make a backup of your registry, boot a Linux LiveCD and copy the backup to the drive and be up and running again a few minutes later...

...but these are Windows users we're talking about, they need a Playskool-looking user interface, or they get all discombobulated.

grinning
~
~
"He who does not understand your silence will probably not understand your words." ~Elbert Hubbard
Anonymous Coward
User ID: 666122
United States
05/12/2009 01:50 AM
Report Abusive Post
Report Copyright Violation
Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs
np here win2000
Whee! 8D (Quebec)

User ID: 675250
Canada
05/12/2009 02:02 AM
Report Abusive Post
Report Copyright Violation
Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs
which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing-
 Quoting: Anonymous Coward 677187


*Imagined a human having its brain sucked with a vaccuum*

Last Edited by Whee! 8D on 05/12/2009 02:02 AM
The world woud be a thousand times better place if more cults existed.
 Quoting: Anonymous Coward 673558
falldown  (OP)

User ID: 520470
United States
05/12/2009 02:08 AM
Report Abusive Post
Report Copyright Violation
Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs
which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing-

********

*Imagined a human having its brain sucked with a vaccuum*
 Quoting: Whee! 8D (Quebec)

lol Oh, you mean television! chuckle
~
~
"He who does not understand your silence will probably not understand your words." ~Elbert Hubbard





GLP