Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Noa Bar-Yosef, Imperva’s Senior Security Strategist on how the Zeus scam, which has resulted in over 70 arrests, may have operated:

October 2010 by Imperva

"These criminals operated Zeus in one of two ways: either the bots used were under their own control, or, and more likely the case, they rented a bot from a bot ’farmer’. The bot farmer grows and manages the bot, and the criminals then rented and used it.

The hacking rings we see today take on a more organized approach, similar to a drug cartel or a cyber-mafia. There is a hierarchy with employees that have a distinct role in the scheme — the researcher looks for different ways to infect machines, the botnet farmer operates the bots, the botnet dealer rents the bots, and the actual ’consumer’ monetizes on the virtual goods received by the bot.

In this scheme, these bots did more than just harvest user credentials — they injected code into the user’s browser so that the user thinks they have a legitimate connection with their bank. In fact, the user was actually engaging with the Trojan.

Banks need to step up their security measures — instead of being reactionary after the fact, try to be proactive by guessing the next steps of the hackers. The banks can use the uncovering of this Zeus exploit to learn more about how these gangs work. They can see how the attack code was adapted over time and analyze the modification of methods, which can help them anticipate the next move hackers are likely going to make."


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts