Zeus continues to evolve - but Trusteer is tracking its progress
This evolving profile is driven in part by the ease with which black hat hackers can develop the malware for new and varied applications.
Our ongoing research here at Trusteer confirms the evolution of Zeus, with a growing number of Web sites that host Zeus variants, as well as the rising volume of networks hosting Command & Control servers for the Zeus botnet swarms.
Over the last four months Trusteer's research teams have been analysing the geographical IP distribution of sites hosting Zeus configurations.
Our research shows that the US (39.8 per cent), Russia (21.6 per cent) and Ukraine (6.5 per cent) were the top three countries, with Eastern Europe accounting for 32.0 per cent of Zeus configs.
That doesn't mean other countries are off the hook, as China, Malaysia, Iraq and Canada - along with Germany, the UK and the Netherlands in the EU territories - are also responsible for Web sites with hosted Zeus environments.
Our research team have also analysed which organisations/service providers have the dubious distinction of ranking high in the Zeus Command & Control (C&C) site stakes.
Analysing 20 of the organisations that account for over half of the C&C controllers reveals that five of the 20 service providers - Informex, PAN-SAM Ltd.,S.Point, LLC Management, and informationaland Delta-X LTD - are on the Ukrainian networks and responsible for 16 per cent of Zeus C&C servers.
Another five service providers are on the US networks and responsible for 14 per cent of Zeus C&C systems, with GoDaddy.com accounting for a hefty 5 per cent of American Zeus C&C sites.
Based on this research, our analysts tested the accessibility of sites used as a Zeus C&C platform.
The analysis of sites IP accessible over the last 80 days makes for some interesting reading, as 29 per cent were found to be US Web sites, with Ukraine (17 per cent) and Russia (14 per cent) once again joining the US on the Zeus hall of shame podium.
Delving into the research reveals some interesting data, such as the UK accounting for 6 per cent, and the rising technology nation of Poland accounting for 5 per cent of IP accessible C&C systems.
Equally surprising was the inclusion of Bosnia and Herzegovina in the 'charts' with three per cent - no mean feat for a country of 3.8 million citizens.
More than anything, these detailed statistics show that the 'global Internet' is fast becoming highly diversified, but the increasing usage of automated registration and servicing systems on the Internet means that human operator monitoring of hosted systems is become less frequent in those countries with good Internet access.
As well as driving the cost of hosting downwards, this has the worrying effect of making it all too easy to register and set up a C&C and/or Zeus-infected Web site plus allied systems, and using the platform to infect the general Internet user community.
Trusteer will continue to monitor and report the continuing evolution of Zeus and its many variant infections, detailing the results for our many friends on the Internet.
Press releases you might also be interested in
Weitere Informationen zum Thema "Sicherheit":
Geteilte Verantwortung bringt doppelte Sicherheit
Unternehmen benötigen zunehmend die Flexibilität der Cloud. Aber dort drohen neue Gefahren. Die Plattformen der Service Provider sind zumeist sicher – aber vielen Unternehmen fehlt die Expertise, Anwendungen und Daten in der Cloud angemessen zu schützen. Cloud Access Security Broker (CASB) können helfen, diese Lücke zu schließen.Weiterlesen