New Zeus botnet steals 60 GB of sensitive data
Category : General 04 Aug 2010 12:10 PM | Industry News
AVG released a report stating that the botnet, codenamed 'Mumba', had affected systems in the UK, US, Germany and Spain.
AVG also said that some of the data stolen by the cyber criminals included banking credentials, credit card numbers and the log-in details to social networking accounts.
The botnet uses four different variations of the Zeus malware to steal social networking credentials, bank account details, credit card numbers and email communications from the zombie machines. Zeus v2.0.4.2 supports the latest Microsoft operating system, Windows 7, and is also capable of stealing HTTP traffic from Mozilla Firefox users, according to AVG.
Unlike most Zeus botnets, which use bulletproof hosting or hijacked web servers to host stolen data, Mumba uses a fast-flux network, the report states. Fast-flux, a DNS technique used to hide malicious websites behind an ever-changing network of compromised hosts, often increases the longevity of phishing and malware distribution sites because it makes it more difficult to get the domain taken down.
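For defenders, the fast-flux behaviour described above leaves a recognisable pattern in resolver or passive-DNS logs: short TTLs, many addresses spread across unrelated networks, and answer sets that change between lookups. The sketch below is an added example, not taken from the AVG report; the domains, addresses, thresholds and function names are all constructed assumptions, and the /16 prefix is a coarse stand-in for an ASN lookup.

```python
from ipaddress import ip_address

# Constructed passive-DNS snapshots: (domain, seconds_since_start, ttl, [A records]).
# Addresses are from documentation/private ranges; they are not real indicators.
OBSERVATIONS = [
    ("flux.example", 0, 120, ["192.0.2.10", "198.51.100.7", "203.0.113.5", "10.1.2.3"]),
    ("flux.example", 300, 120, ["198.51.100.99", "203.0.113.77", "10.9.8.7", "172.16.4.4"]),
    ("flux.example", 600, 180, ["192.0.2.200", "10.200.1.1", "172.20.0.9", "203.0.113.150"]),
    ("static.example", 0, 86400, ["192.0.2.50"]),
    ("static.example", 300, 86400, ["192.0.2.50"]),
    ("static.example", 600, 86400, ["192.0.2.50"]),
]

# Assumed thresholds for illustration; tune them against your own resolver logs.
MAX_TTL, MIN_IPS, MIN_NETS, MIN_CHURN = 300, 8, 4, 0.5

def prefix16(ip):
    """Coarse stand-in for an ASN lookup: the /16 the address falls in."""
    return int(ip_address(ip)) >> 16

def flux_features(observations, domain):
    """Summarise TTL, address spread and answer churn for one domain."""
    snaps = sorted(((t, ttl, set(ips)) for d, t, ttl, ips in observations if d == domain),
                   key=lambda s: s[0])
    if not snaps:
        raise ValueError(f"no observations for {domain}")
    all_ips = set().union(*(ips for _, _, ips in snaps))
    # Churn: average fraction of each answer set that was absent from the previous one.
    churn = [len(cur - prev) / len(cur)
             for (_, _, prev), (_, _, cur) in zip(snaps, snaps[1:])]
    return {
        "min_ttl": min(ttl for _, ttl, _ in snaps),
        "distinct_ips": len(all_ips),
        "distinct_nets": len({prefix16(ip) for ip in all_ips}),
        "churn": sum(churn) / len(churn) if churn else 0.0,
    }

def looks_fast_flux(f):
    """All four signals must agree before a domain is flagged."""
    return (f["min_ttl"] <= MAX_TTL and f["distinct_ips"] >= MIN_IPS
            and f["distinct_nets"] >= MIN_NETS and f["churn"] >= MIN_CHURN)

if __name__ == "__main__":
    for name in ("flux.example", "static.example"):
        feats = flux_features(OBSERVATIONS, name)
        print(name, feats, "FLAG" if looks_fast_flux(feats) else "ok")
```

Short TTLs and rotating answers also describe legitimate CDNs and load balancers, so a hit is a lead to check against who owns the returned addresses, not a verdict.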
Avalanche's fast-flux network was mainly used in the past for phishing and malware attacks, but now the group is using the technique to host its stolen goods as well.
Mumba uses the most up-to-date version of the well-known Zeus malware. Just last month, Zeus popped up in an attack that cloned the Verified by Visa and MasterCard SecureCode protection features to trick users into entering personal data.
“The unique infrastructure of the Mumba botnet means that going after the servers hosting the stolen data is now much more difficult than before,” added Yuval Ben-Itzhak, senior vice president at AVG.