Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Crimeware tracking service hit by a DDoS attack

By | February 17, 2009, 11:34am PST

A week after a newly launched crimeware tracking service went public, cybercriminals didn’t hesitate to prove its usefulness by launching a distributed denial of service attack (DDoS) against it. According to the Swiss security blog, the Zeus tracker came under attack from a previously known source that also attacked abuse.ch over a year ago, taking advantage of a well-known do-it-yourself DDoS malware.

Just like November 2008’s DDoS attack against the anti-fraud site Bobbear.co.uk — with evidence that the attack was commissioned provided by Zero Day back then — the single most evident proof of the usefulness of your cybercrime tracking service always comes in the form of a direct attack against its availability.

What is the Zeus Tracker anyway, and why is it so special in the first place?

The Zeus Tracker is a full-disclosure project keeping track of known hosting locations for Zeus, one of the most ubiquitous crimeware applications, which cybercriminals have taken advantage of for years. Moreover, since it maintains a real-time blocklist that allows the community to easily take action against known Zeus domains/IPs, it shouldn’t come as a surprise that the service is getting attacked, simply because it exposes active crimeware campaigns.

Once available as a proprietary crimeware tool costing several thousand dollars, today pirated copies of Zeus are so prevalent that most of the innovations attempting to improve its usefulness and its ability to sniff E-banking transaction data come from third parties, in a true open source crimeware fashion. In fact, the Zeus crimeware is so popular that cybercriminals themselves are looking for, and successfully finding, remotely exploitable vulnerabilities within the kit in an attempt to hijack someone else’s botnet.

Moreover, with or without the Zeus Tracker’s real-time data, the Zeus malware is likely to continue dominating the crimeware landscape due to its maturity into a cybercrime-as-a-service proposition. For instance, the increasing number of services offering managed Zeus botnets not only allows less sophisticated cybercriminals easy access to hundreds of thousands of banker malware infected hosts; the relatively low prices these services charge, due to the fact that they’re running pirated copies of Zeus, also ultimately result in the scalability of cybercrime in general.

Attempting to undermine this scalability would mean coming up with ways to shorten the average time a Zeus command and control domain/IP remains online, next to communicating the already known locations as a public service just like the Zeus Tracker does.


Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.
