Crimeware tracking service hit by a DDoS attack

A week after a newly launched crimeware tracking service went public, cybercriminals didn't hesitate to prove its usefulness by launching a distributed denial of service (DDoS) attack against it. According to the Swiss security blog, the Zeus tracker came under attack from a previously known source that also attacked abuse.ch over a year ago, taking advantage of a well-known do-it-yourself DDoS malware.

Just like November 2008's DDoS attack against the anti-fraud site Bobbear.co.uk -- with evidence that the attack was commissioned provided by Zero Day back then -- the single most evident proof of the usefulness of your cybercrime tracking service always comes in the form of a direct attack against its availability.

What is the Zeus Tracker anyway, and why is it so special in the first place?

The Zeus Tracker is a full-disclosure project keeping track of known hosting locations of Zeus, one of the most ubiquitous crimeware applications, which cybercriminals have taken advantage of for years. Moreover, because it maintains a real-time blocklist that allows the community to easily take action against known Zeus domains/IPs, it shouldn't come as a surprise that the service is getting attacked - simply because it exposes active crimeware campaigns.

Once available as a proprietary crimeware tool costing several thousand dollars, today pirated copies of Zeus are so prevalent that most of the innovations attempting to improve its usefulness and its ability to sniff E-banking transaction data come from third parties, in a true open source crimeware fashion. In fact, the Zeus crimeware is so popular that cybercriminals themselves are looking for and successfully finding remotely exploitable vulnerabilities within the kit in an attempt to hijack someone else's botnet.

Moreover, with or without the Zeus Tracker's real-time data, the Zeus malware is likely to continue dominating the crimeware landscape due to its maturity into a cybercrime-as-a-service proposition. For instance, the increasing number of services offering managed Zeus botnets not only allows less sophisticated cybercriminals easy access to hundreds of thousands of hosts infected with banker malware; the relatively low prices these services charge, because they're running pirated copies of Zeus, also ultimately result in the scalability of cybercrime in general.

Attempting to undermine this scalability would mean coming up with ways to shorten the average time a Zeus command and control domain/IP remains online, next to communicating the already known locations as a public service just like the Zeus Tracker does.

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community.
