Zeus Attackers Turned the Tables On Researchers

ancientribe writes "The attackers behind a recent Zeus Trojan exploit that targeted quarterly federal taxpayers who file electronically also set up a trap for researchers investigating the attack as well as their competing cybercrime gangs. They fed them a phony administrative panel with fake statistics on the number of Zeus-infected machines, as well as phony 'botnet' software that actually gathers intelligence on the researcher or competitor who downloads it."

Attack launched from a random email

[digitaldc]

The lesson is for people (including researchers) to be more skeptical of who is sending you email and what it contains.
If they had realized the email was fake and deleted it, this attack would not have worked.

Re:Why can't we have commercial software like this

[CODiNE]

Because those aren't what marketing prioritizes. Generally a company needs to sell the software and get it out it's doors, how well it performs only affects some vague future release. Botnet guys live or die by the performance of their software, they can take the time to get it right and "when it's ready".

So the lesson is, if you want to make quality software that makes you beam with pride, stuff you could put in "Beautiful Code" you ought to be a virus writer. ;)

Re:I almost admire them

[noidentity]

I hesitate to reveal that the whole Slashdot site is a fake, designed to get insightful comments from you. Everyone else is an AI, including me.