ZeuS-Botnet: Command&Control in the Cloud

The ZeuS Tracker project stumbled upon a ZBot variant which used Amazon's cloud hosting service EC2 as its Command&Control (C&C) server. ZBot is a widespread trojan which spies on online banking credentials and steals other login information. It is sold as a construction kit that lets the buyer choose which servers to contact, what to spy on, and so on.

The use of Amazon's cloud is just a coincidence, though. It seems that a cloud user was running insecure services which were hacked by the cybercriminals. The C&C server has since gone offline. Still, this shows that you have to take security measures in the cloud as well.

Avira detects the ZBot variant generically as TR/Crypt.ZPACK.Gen, without needing an update. Users of Avira products are thus safe from the threat.

Dirk Knop
Technical Editor