Wednesday, June 4, 2014

Zeus and CryptoLocker creator on FBI Wanted List.

USA TODAY article.

FBI states Evgeniy Mikhailovich Bogachev, aka "Slavik", created Gameover Zeus and CryptoLocker.

Gameover Zeus -

Malware is commonly distributed by mass e-mailing targets. Someone in the organization opens the attachment or clicks the link and infects their machine.

This particular malware watches and records every keystroke. It watches for banking credentials, steals them, and sends that information to a remote server.

Here we see the remote servers in blue.
The virus found on the computer is in orange at the bottom.

Gameover Zeus Bogachev "Slavik" - Malware Visualizer

Zeus -

Some malware tries to hide its malicious Internet traffic among normal-looking traffic. Some check whether they have Internet access before unpacking and sending traffic to their real destinations. This graph shows Internet traffic to legitimate Google sites of and There is also malicious Internet traffic to an IP address and URL.

The ".tmp" file is usually a temporary holding place for the ".exe" file and is deleted afterwards. A ".bat" file can be many things, but here it is the part of the malware that deletes the original file after that file has been renamed and copied to a hidden directory.
Zeus Malware Visualizer

CryptoLocker -

Notice the large amount of Internet traffic.
Most of it is no longer associated with an IP address, which is why it points to an empty node.

The group at the bottom is still communicating with a Command and Control server at IP address
Of that group, half have the word Sinkhole.

CryptoLocker Malware Visualizer
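The three groups in the CryptoLocker graph (names that no longer resolve, names that now resolve to a sinkhole, and names still pointing at a live C2 address) can be reproduced from DNS records. The following is an added example, not code from the post or from the visualizer tool; the connection records and names are constructed, not real indicators.

```python
"""Triage C2 contacts into the groups shown in the CryptoLocker graph above."""
from collections import Counter
from typing import Dict, List, NamedTuple, Optional

class Contact(NamedTuple):
    hostname: str                 # name the infected host tried to reach
    resolved_ip: Optional[str]    # None = no DNS answer (the "empty node" case)
    ptr_name: Optional[str]       # reverse lookup of resolved_ip, if known

# Constructed sample records (hypothetical names and RFC 5737 test addresses).
SAMPLE: List[Contact] = [
    Contact("qwertyabc.example", None, None),
    Contact("zxcvbnmlk.example", None, None),
    Contact("poiuytrew.example", "192.0.2.10", "sinkhole.example-dnsrbl.org"),
    Contact("lkjhgfdsa.example", "192.0.2.10", "sinkhole.example-dnsrbl.org"),
    Contact("mnbvcxzas.example", "192.0.2.20", None),
    Contact("asdfghjkl.example", "192.0.2.20", "host20.example-hosting.net"),
]

def classify(c: Contact) -> str:
    """'dead': name no longer resolves (empty node in the graph).
    'sinkholed': resolves, but the reverse name marks it as a sinkhole.
    'active': resolves to an address with no sinkhole marker, so it is
    still a live C2 candidate worth blocking and investigating."""
    if c.resolved_ip is None:
        return "dead"
    if c.ptr_name and "sinkhole" in c.ptr_name.lower():
        return "sinkholed"
    return "active"

def summarize(contacts: List[Contact]) -> Dict[str, int]:
    """Count how many contacts fall into each group."""
    return dict(Counter(classify(c) for c in contacts))

def active_c2_ips(contacts: List[Contact]) -> Dict[str, List[str]]:
    """Group still-live names by the address they share, so a cluster of
    hostnames all talking to one C2 IP (the group at the bottom of the
    graph) stands out as a single address to block."""
    out: Dict[str, List[str]] = {}
    for c in contacts:
        if classify(c) == "active":
            out.setdefault(c.resolved_ip, []).append(c.hostname)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print(active_c2_ips(SAMPLE))
```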
