Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Botnet Security

Gameover ZeuS Re-Emerges As Fast-Fluxing Botnet 62

Posted by Soulskill
from the game-not-quite-over-after-all dept.
New submitter tylke (621801) writes: "Brian Krebs is reporting that the Gameover ZeuS botnet recently taken down by the U.S. Justice Department in June has re-emerged. The new variant of the Trojan is "stripped of the P2P code, and relies instead on an approach known as fast-flux hosting," a kind of round-robin technique that lets botnets hide phishing and malware delivery sites behind a network of compromised systems. Krebs says, "[T]his variant also includes a 'domain name generation algorithm' or DGA, which is a failsafe mechanism that can be invoked if the botnet’s normal communications system fails. The DGA creates a constantly-changing list of domain names each week (gibberish domains that are essentially long jumbles of letters). In the event that systems infected with the malware can’t reach the fast-flux servers for new updates, the code instructs the botted systems to seek out active domains from the list specified in the DGA. All the botmasters need to do in this case to regain control over his crime machine is register just one of those domains and place the update instructions there." (Disclosure: I work for Malcovery Security, the company credited with identifying the new variant.)
This discussion has been archived. No new comments can be posted.

Gameover ZeuS Re-Emerges As Fast-Fluxing Botnet

Comments Filter:
  • Fast Flux (Score:4, Informative)

    by Himmy32 (650060) on Friday July 11, 2014 @01:12PM (#47432907)
    The article linked to Wikipedia on what Fast Flux was:

    The basic idea behind Fast flux is to have numerous IP addresses associated with a single fully qualified domain name, where the IP addresses are swapped in and out with extremely high frequency, through changing DNS records.

    In case anyone else didn't know that was Fast flux was.

Technology is dominated by those who manage what they do not understand.

Working...