Report: Zeus Flips Kill Switch On More Than 100,000 PCs

Users Online Now: 2,233 (Who's On?)		Visitors Today: 1,399,741
Pageviews Today: 2,017,077	Threads Today: 566	Posts Today: 10,873
04:27 PM

Page 1 Bottom Search Replies Previous Page Next Page
Search Terms: Highlight Matches
Report: Zeus Flips Kill Switch On More Than 100,000 PCs
falldown Offer Upgrade User ID: 520470 United States 05/11/2009 11:39 PM Report Abusive Post Report Copyright Violation	Report: Zeus Flips Kill Switch On More Than 100,000 PCs [link to www.darkreading.com] According to a report in Friday's Washington Post, the Zeus control server was witnessed issuing the kill command -- sometimes called the "nuclear option" -- effectively self-destructing the botnet and the PCs that helped create it. Despite the blue screen, the PCs' hard drives were not irrepairable, according to reports. Experts agreed that many botnets have the ability to execute such a command, but they very seldom do because most live by the data and processing resources they get from their component zombie machines. Although botnets have been used to launch denial-of-service (DOS) attacks on servers or networks, there is little record of them being used to launch this sort of "blue screen" attack against their constituents. It's possible that the botnet was attacked by a rival group, or that its operators wanted to shut down the network quickly and temporarily, experts say. Some experts even speculate that the kill command may have been triggered by mistake. The Zeus network was hit with a number of DOS attacks following the triggering of the kill switch, and the botnet is now effectively inoperative, according to reports. ~ ~ "He who does not understand your silence will probably not understand your words." ~Elbert Hubbard

Anonymous Coward User ID: 677187 Germany 05/11/2009 11:49 PM Report Abusive Post Report Copyright Violation	Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs only affected PCs were of course driven by Windows NT/2000/XP where users were on the internet while using administrative accounts. the infection took place using exploits in Internet Explorer versions 5,6 and 7. The bot installs itself as a rootkit which is invisible opening ports and loads code down to the pc. Once the code is operative the pc is a zombie, remote controlled for whatever reasons. It can install keyloggers and software that makes snapshots of your screen, it sends every single typed word to its author, the botnet-admin. Once the pc is useless or in danger of being revealed it triggers its self-kill command : the bot deletes the registry entries plus its subkeys : HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_LOCAL_MACHINE_SYSTEM/ which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing- that's when it can only display it's SOS signal : the Blue Screen of Death. The only cure is a fresh new install - and hoepfully a user that has learned his lesson well..
falldown (OP) User ID: 520470 United States 05/12/2009 01:19 AM Report Abusive Post Report Copyright Violation	Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs only affected PCs were of course driven by Windows NT/2000/XP where users were on the internet while using administrative accounts. the infection took place using exploits in Internet Explorer versions 5,6 and 7. The bot installs itself as a rootkit which is invisible opening ports and loads code down to the pc. Once the code is operative the pc is a zombie, remote controlled for whatever reasons. It can install keyloggers and software that makes snapshots of your screen, it sends every single typed word to its author, the botnet-admin. Once the pc is useless or in danger of being revealed it triggers its self-kill command : the bot deletes the registry entries plus its subkeys : HKEY_LOCAL_MACHINE/SOFTWARE and HKEY_LOCAL_MACHINE_SYSTEM/ which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing- that's when it can only display it's SOS signal : the Blue Screen of Death. The only cure is a fresh new install - and hoepfully a user that has learned his lesson well.. Quoting: Anonymous Coward 677187 Well, technically you could make a backup of your registry, boot a Linux LiveCD and copy the backup to the drive and be up and running again a few minutes later... ...but these are Windows users we're talking about, they need a Playskool-looking user interface, or they get all discombobulated. ~ ~ "He who does not understand your silence will probably not understand your words." ~Elbert Hubbard
Anonymous Coward User ID: 666122 United States 05/12/2009 01:50 AM Report Abusive Post Report Copyright Violation	Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs np here win2000

Whee! 8D (Quebec) User ID: 675250 Canada 05/12/2009 02:02 AM Report Abusive Post Report Copyright Violation	Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing- Quoting: Anonymous Coward 677187 Imagined a human having its brain sucked with a vaccuum Last Edited by Whee! 8D on 05/12/2009 02:02 AM The world woud be a thousand times better place if more cults existed. Quoting: Anonymous Coward 673558
falldown (OP) User ID: 520470 United States 05/12/2009 02:08 AM Report Abusive Post Report Copyright Violation	Re: Report: Zeus Flips Kill Switch On More Than 100,000 PCs which effectively deletes all Operating System info that WIndows needs to boot and operate - basically WIndows is braindead after such registry editing- ******** Imagined a human having its brain sucked with a vaccuum Quoting: Whee! 8D (Quebec) Oh, you mean television! ~ ~ "He who does not understand your silence will probably not understand your words." ~Elbert Hubbard
Page 1 Top Previous Page Next Page

Related Threads

GLP