Risk
10/15/2010
04:16 PM
George V. Hulme
George V. Hulme
Commentary
50%
50%

Microsoft Steps Up To Dethrone Zeus

Microsoft is throwing another punch at this most nasty and extremely active botnet.

Microsoft is throwing another punch at this most nasty and extremely active botnet.Early this month there was a flurry of arrests surrounding a cybercrime gang utilizing the dangerous triad of exploits, botnets, and money mules.

From Feds Bust Zeus Financial Cybercrime Ring earlier this month:

Federal and state authorities announced Thursday that they have charged numerous people in connection with a global cybercrime scheme using the Zeus financial malware toolkit to steal $3 million from U.S. bank accounts. The investigation was dubbed "Operation ACHing Mule," alluding to the attackers' use of Automatic Clearing House fraud, as well as "money mules" to move money.

According to Manhattan district attorney Cyrus Vance Jr., "this advanced cybercrime ring is a disturbing example of organized crime in the twenty-first century -- high-tech and widespread."

To help fight the Zeus botnet, Microsoft has added Zeus detection to its Malicious Software Removal Tool, or MSRT. MSRT is a free anti-malware tool that is released on patch Tuesday and scans most versions of Microsoft Windows for malware to disinfect.

From Microsoft's Malware Protection Center blog, it does seem the software maker is bent on ridding the world of as many Zeus infections as possible:

This family is quite prolific even if the intent behind some of the botnets is unclear. That said, we find ourselves knocking on Zbot's door this month, and we're glad we are. Zbot is the latest addition to MSRT's ever-growing list of malware, and we hope to continue protecting the Windows ecosystem with this new family firmly in our sights.

However, as Dark Reading points out in this post, Zeus isn't the only threat, botnets such as Bugat and Carberp also pose serious threats.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2329
Published: 2015-08-31
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a check_mk agent, a (2) crafted request to a monitored host, which is not properly handled by ...

CVE-2014-2330
Published: 2015-08-31
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload arbitrary snapshots, (2) delete arbitrary files, or possibly have other unspecified impact via unknown ...

CVE-2014-2331
Published: 2015-08-31
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2332
Published: 2015-08-31
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.

CVE-2014-2570
Published: 2015-08-31
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.