Wednesday, June 4, 2014

Zeus and CryptoLocker creator on FBI Wanted List.

USA TODAY article.


The FBI states that Evgeniy Mikhailovich Bogachev, aka "Slavik", created Gameover Zeus and CryptoLocker.



Gameover Zeus - MalwareViz.com

Malware like this is commonly distributed by mass e-mailing the targets. Eventually someone in the organization opens the attachment or clicks the link and infects their machine.

This particular malware watches and records every keystroke. It watches specifically for banking credentials, steals them, and sends that information to a remote server.

Here the remote servers are shown in blue.
The virus found on the computer is shown in orange at the bottom.

Gameover Zeus Bogachev "Slavik" - MalwareViz.com Malware Visualizer



Zeus - MalwareViz.com

Some malware tries to hide its malicious Internet traffic among ordinary-looking traffic. Some checks whether it has Internet access at all before unpacking and sending traffic to its real destinations. This graph shows Internet traffic to the legitimate Google sites www.google.com and www.google.nl (Netherlands). There is also malicious Internet traffic to an IP address and a URL.

The ".tmp" file is a temporary holding place for the ".exe" file and is usually deleted afterwards. A ".bat" file can be many things, but here it is the one the malware writes to delete the original file after that file has been renamed and copied to a hidden directory location.
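The cleanup batch file described above follows a recognizable shape: delete the original executable, loop until the delete succeeds (the dropper may still be running), then delete the batch file itself. The following is an added example, not code from the post or from MalwareViz, that scans a batch file's text for that pattern. The sample batch files, paths and file names are constructed for illustration.

```python
import re

# Constructed sample in the style the post describes: the dropper has already
# copied itself to a hidden directory, and this .bat removes the original file,
# retrying until it is gone, then removes itself. Paths are invented.
SAMPLE_BAT = r"""@echo off
:d
del "C:\Users\victim\Downloads\invoice.exe"
if exist "C:\Users\victim\Downloads\invoice.exe" goto d
del "C:\Users\victim\AppData\Local\Temp\tmp3F2A.bat"
"""

# Constructed benign script for comparison: deletes build output, no retry loop,
# does not delete an executable or itself.
BENIGN_BAT = r"""@echo off
echo Cleaning build output
del /q build\*.obj
exit /b 0
"""

# One "del"/"erase" command per line, optional switches, quoted or bare target.
DEL_LINE = re.compile(
    r'^\s*(?:del|erase)\b(?P<flags>(?:\s+/\w+)*)\s+(?P<target>"[^"]+"|\S+)\s*$',
    re.IGNORECASE | re.MULTILINE,
)
# A label line such as ":d" that a goto can jump back to.
LABEL_LINE = re.compile(r"^\s*:(?P<label>\w+)\s*$", re.MULTILINE)
# The retry idiom: "if exist <file> goto <label>".
RETRY_LINE = re.compile(
    r'^\s*if\s+exist\s+(?P<target>"[^"]+"|\S+)\s+goto\s+(?P<label>\w+)\s*$',
    re.IGNORECASE | re.MULTILINE,
)
# Ways a batch file can refer to its own path when deleting itself.
SELF_REFS = {"%0", "%~f0", "%~dpnx0", "%~nx0"}


def _unquote(s):
    return s[1:-1] if len(s) >= 2 and s[0] == '"' and s[-1] == '"' else s


def analyze_batch(text):
    """Return the self-delete indicators found in a batch file's text."""
    deleted = [_unquote(m.group("target")) for m in DEL_LINE.finditer(text)]
    labels = {m.group("label").lower() for m in LABEL_LINE.finditer(text)}

    # Retry loop: an "if exist X goto L" where X is also deleted and L is a real label.
    retry_loop = any(
        _unquote(m.group("target")) in deleted and m.group("label").lower() in labels
        for m in RETRY_LINE.finditer(text)
    )
    deletes_exe = [t for t in deleted if t.lower().endswith(".exe")]
    # Self-deletion: removing a .bat/.cmd file or a reference to its own path.
    self_delete = any(
        t in SELF_REFS or t.lower().endswith((".bat", ".cmd")) for t in deleted
    )

    if deletes_exe and self_delete:
        verdict = "self-deleting dropper cleanup"
    elif deletes_exe or retry_loop or self_delete:
        verdict = "suspicious"
    else:
        verdict = "no cleanup pattern"
    return {
        "deletes_exe": deletes_exe,
        "retry_loop": retry_loop,
        "self_delete": self_delete,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_BAT), ("benign", BENIGN_BAT)):
        print(name, analyze_batch(text))
```

The three indicators are scored separately so that an analyst can see which part of the pattern matched; a script that only deletes an .exe, or only loops on `if exist`, is reported as suspicious rather than as the full dropper cleanup.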
Zeus Malware Visualizer MalwareViz.com





CryptoLocker - MalwareViz.com

Notice the large amount of Internet traffic.
Most of the domain names no longer resolve to an IP address, which is why they point to an empty node.

The group at the bottom is still communicating with a command-and-control server at IP address
212.71.250.4.
Half of that group carries the word Sinkhole, meaning the domain has been taken over and pointed at a server run by researchers or law enforcement rather than the criminals.
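The two traffic patterns in the Zeus and CryptoLocker graphs above (a connectivity check against legitimate Google domains mixed with contact to the real destinations, and a burst of domain lookups most of which no longer resolve while a few land on a sinkhole) can be picked out of ordinary resolver logs. The following is an added example, not code from the post or from MalwareViz, that triages constructed DNS log lines per client host. The log format, the client addresses and every hostname except the two Google domains named in the post are invented; 212.71.250.4 is the address shown in the post's CryptoLocker graph, and the other answer addresses are RFC 5737 documentation ranges used as placeholders.

```python
import re
from collections import defaultdict

# Constructed resolver log (not from the post), one query per line:
#   <timestamp> <client_ip> <qname> <rcode> [<answer_ip>]
# 10.0.0.5 behaves like the infected host in the graphs: two lookups of
# legitimate Google sites, then a run of random-looking names, most of
# which fail to resolve and two of which resolve to the sinkhole address.
SAMPLE_LOG = """\
2014-06-04T09:58:01 10.0.0.5 www.google.com NOERROR 203.0.113.10
2014-06-04T09:58:02 10.0.0.5 www.google.nl NOERROR 203.0.113.11
2014-06-04T09:58:03 10.0.0.5 qwpoeiruty.net NXDOMAIN
2014-06-04T09:58:03 10.0.0.5 mxbvnzkalp.org NXDOMAIN
2014-06-04T09:58:04 10.0.0.5 rtyuioplkj.biz NXDOMAIN
2014-06-04T09:58:04 10.0.0.5 asdfghjklq.info NXDOMAIN
2014-06-04T09:58:05 10.0.0.5 zxcvbnmasd.com NXDOMAIN
2014-06-04T09:58:05 10.0.0.5 poiuytrewq.ru NXDOMAIN
2014-06-04T09:58:06 10.0.0.5 lkjhgfdsaz.co.uk NOERROR 212.71.250.4
2014-06-04T09:58:06 10.0.0.5 mnbvcxzlkj.net NOERROR 212.71.250.4
2014-06-04T09:58:07 10.0.0.9 www.google.com NOERROR 203.0.113.10
2014-06-04T09:58:08 10.0.0.9 intranet.example.com NOERROR 198.51.100.7
"""

# Address the post's graph shows the remaining CryptoLocker domains pointing at.
KNOWN_SINKHOLES = {"212.71.250.4"}
# Domains a connectivity check is likely to touch; example.com stands in for an intranet.
TRUSTED_SUFFIXES = ("google.com", "google.nl", "example.com")

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)\s+(?P<rcode>\S+)(?:\s+(?P<answer>\S+))?$"
)


def parse_dns_log(text):
    """Parse the constructed log format into a list of dicts, one per query."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable line: {line!r}")
        records.append(m.groupdict())
    return records


def is_trusted(qname, suffixes=TRUSTED_SUFFIXES):
    q = qname.lower().rstrip(".")
    return any(q == s or q.endswith("." + s) for s in suffixes)


def triage(records, nx_threshold=0.5, min_queries=5, sinkholes=KNOWN_SINKHOLES):
    """Summarize each client's lookups and flag DGA-like failure rates or sinkhole hits."""
    per_client = defaultdict(lambda: {
        "queries": 0, "nxdomain": 0,
        "connectivity_checks": [], "unresolved": [], "sinkhole_hits": [],
    })
    for r in records:
        c = per_client[r["client"]]
        c["queries"] += 1
        if is_trusted(r["qname"]):
            # Legitimate-looking traffic; recorded so the analyst sees the check itself.
            c["connectivity_checks"].append(r["qname"])
            continue
        if r["rcode"] == "NXDOMAIN":
            # Names that no longer resolve: the "empty node" case in the graph.
            c["nxdomain"] += 1
            c["unresolved"].append(r["qname"])
        elif r["answer"] in sinkholes:
            c["sinkhole_hits"].append((r["qname"], r["answer"]))
    for c in per_client.values():
        c["nx_ratio"] = c["nxdomain"] / c["queries"] if c["queries"] else 0.0
        # A host generating many names that do not exist, or any host that
        # reaches a known sinkhole, is worth a look regardless of the Google lookups.
        c["suspicious"] = bool(c["sinkhole_hits"]) or (
            c["queries"] >= min_queries and c["nx_ratio"] >= nx_threshold
        )
    return dict(per_client)


if __name__ == "__main__":
    for client, summary in sorted(triage(parse_dns_log(SAMPLE_LOG)).items()):
        print(client, summary["suspicious"], summary["nx_ratio"], summary["sinkhole_hits"])
```

The Google lookups are deliberately not used as evidence in either direction: a connectivity check looks identical to a user opening a browser, which is exactly why the malware makes one. The signal is the failure rate of the other lookups and any answer that lands on a known sinkhole address.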

CryptoLocker Malware Visualizer MalwareViz.com
