Category Archives: ZeuS Tracker

Cybercriminals Abuse ZeuS Tracker To Promote Fake-AV

Everybody loves the ZeuS Tracker – even the bad guys…

Today a friend over at PhishLabs contacted me regarding a Fake-AV product (also known as “Rogue Antivirus” or “Scareware”) which blatantly uses the ZeuS Tracker's name to gain a good reputation and promote itself. The software is called Shield EC and is being sold through the website www.[dot]shieldec[dot]com:

When you read the first sentence on their website you will be pretty surprised:

Shield EC is a result of two-year research and close collaboration of programmers and analysts from Martindale Enterprises LTD and Zeus Tracker, the main center for ZeuS epidemic prevention.

… and in the “About the company” section:

The major achievements of the company count a joint development with ZeuS Tracker of a unique anti virus Shield EC, targeted at fighting banking Zbot (ZeuS) Trojan.

The cybercriminals are using two domain names to spread their rogue security software:

The two domain names mentioned above are hosted on the Avalanche FastFlux botnet, which has also been used for a long time to host malicious ZeuS C&C servers:

Reference: FastFlux Tracker

There is a list of ZeuS C&C domain names hosted on the Avalanche FastFlux botnet available on the ZeuS Tracker:

Reference: List of ZeuS domains hosted on the Avalanche FastFlux botnet
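Fast-flux hosting of the kind the post attributes to Avalanche shows up in passive DNS as a domain that keeps returning new, short-lived A records spread across unrelated networks. The following is an added example (not the ZeuS Tracker's or FastFlux Tracker's own code) that scores constructed DNS lookup snapshots with a simple heuristic: low TTL, many distinct IPs and several distinct /24 prefixes over a handful of lookups. The sample observations, the domain names and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Observation:
    """One A-record lookup result for a domain (constructed data)."""
    domain: str
    ts: int          # epoch seconds of the lookup
    ttl: int         # TTL (seconds) returned on the A records
    ips: tuple       # A records returned by this lookup


# Constructed sample: one domain that behaves like fast-flux hosting
# (new IPs on nearly every lookup, low TTL) and one stable domain.
SAMPLE = [
    Observation("flux.example", 0, 60, ("203.0.113.10", "203.0.113.77")),
    Observation("flux.example", 120, 60, ("198.51.100.5", "203.0.113.77")),
    Observation("flux.example", 240, 60, ("192.0.2.200", "198.51.100.33")),
    Observation("flux.example", 360, 60, ("192.0.2.17", "203.0.113.4")),
    Observation("stable.example", 0, 3600, ("192.0.2.1",)),
    Observation("stable.example", 3600, 3600, ("192.0.2.1",)),
    Observation("stable.example", 7200, 3600, ("192.0.2.1",)),
]


def flux_metrics(observations):
    """Aggregate per-domain metrics that a fast-flux heuristic looks at."""
    by_domain = defaultdict(list)
    for o in observations:
        by_domain[o.domain].append(o)

    metrics = {}
    for domain, obs in by_domain.items():
        unique_ips = set()
        for o in obs:
            unique_ips.update(o.ips)
        # Distinct /24 prefixes as a crude stand-in for network diversity
        # (a real deployment would map IPs to ASNs instead).
        prefixes = {".".join(ip.split(".")[:3]) for ip in unique_ips}
        metrics[domain] = {
            "lookups": len(obs),
            "unique_ips": len(unique_ips),
            "unique_prefixes": len(prefixes),
            "min_ttl": min(o.ttl for o in obs),
        }
    return metrics


def is_fast_flux_like(m, max_ttl=300, min_ips=5, min_prefixes=3):
    """Thresholds are assumed values chosen for this example."""
    return (
        m["min_ttl"] <= max_ttl
        and m["unique_ips"] >= min_ips
        and m["unique_prefixes"] >= min_prefixes
    )


def classify(observations):
    """Map each domain to True if its resolution pattern looks fast-flux-like."""
    return {d: is_fast_flux_like(m) for d, m in flux_metrics(observations).items()}


if __name__ == "__main__":
    for domain, verdict in classify(SAMPLE).items():
        print(f"{domain}: {'fast-flux-like' if verdict else 'stable'}")
```

A domain flagged this way is only a lead: it should then be checked against a curated list such as the ZeuS Tracker's, since CDNs and round-robin load balancers also rotate A records with short TTLs, though usually within one provider's address space.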

Of course the ZeuS Tracker would never cooperate with any criminal organization. The promoted software is 100% rogue so please stay away from it!

ZeuS Tracker goes Arbor

I’m very excited today to announce that Arbor Networks, one of the leading vendors of DDoS protection and network security worldwide, has added a fingerprint to their Peakflow product family to help Internet Service Providers (ISPs) and companies around the world monitor, mitigate and protect against malicious ZeuS C&C botnet traffic within their networks. The fingerprint provided by Arbor is generated in cooperation with the ZeuS Tracker.

If you are a network administrator and your company is running Arbor Peakflow, you can simply activate the fingerprint using Arbor’s Active Threat Feed (ATF) policies.