New features on the ZeuS Tracker

Over the last few days I have made several improvements to the abuse.ch ZeuS Tracker. First of all, I have removed more than 300 ZeuS hosts which are no longer reachable (e.g. because the domain has been suspended or deleted). So if you are using the ZeuS Blocklist, please download the updated blocklist (link). You can take a look at the removed ZeuS hosts on the removal list.

New features

  • I have added an AV detection rate for each binary which is in the Tracker. Special thanks to Team Cymru, which is providing the Malware Hash Registry (MHR) to the ZeuS Tracker!
  • There is now a column on the monitor page which shows how many files on a ZeuS host are currently online. This feature was requested by various CERTs and ISPs – thanks for your feedback! (link)
  • The removal list now contains archived binaries and configs (link)
  • There is now a page which lists all ZeuS Tracker RSS feeds which are available (link)
  • I’ve added a new filter for the ZeuS Tracker monitor called “ZeuS hosts with files online”. If you click on this filter you will see only ZeuS hosts which have at least one file online (link)
  • You can now download ALL ZeuS binaries which are currently in the Tracker. For this purpose I’ve created a cronjob which exports all ZeuS binaries at 01:00 UTC into a ZIP file. For security reasons I won’t post the link here. You can find the link on the FAQ page.

Changelog

  • I’ve synchronized the color for the column SBL, status and files online. ZeuS hosts which are offline will now be colored green (and not red)
  • I’ve added a statistical breakdown of the AV detection rate at the bottom of the statistic page (link)
  • I’ve made some changes on the site layout
  • The ZeuS Tracker is no longer BETA

The ZeuS Tracker is searching for a new location

Maybe you have already noticed that the server which is hosting the ZeuS Tracker and abuse.ch often has connection issues and is not reachable. This is caused by DDoS and SYN flood attacks from various sources against the web server. Unfortunately I have only limited resources to mitigate such attacks at the current server location, so I have decided to search for a new location for the ZeuS Tracker and abuse.ch. If you are able to donate a server in your network, please contact me using the contact form.

Have fun with the new features of the ZeuS Tracker! :)

2 Responses to “New features on the ZeuS Tracker”


  • You are located at 1&1 and they can't handle a DOS attack to your website? Why not use multihoming? This would prevent your website from further downtimes.

  • With Firefox I get a message about certificate issues when I try to access ZeuS Tracker, is there a way to fix that?

    “zeustracker.abuse.ch uses an invalid security certificate”
