As most of you probably noticed, ZeuS Tracker was offline for a whole week (2010-09-03 to 2010-09-14). During this time I made several improvements and added new features to ZeuS Tracker.
But before I go on with the list of new features, I would like to point your attention to another topic:
I’m currently working on a new project which should help operators of large networks (like ISPs, governmental organizations and NGOs) to mitigated bad traffic in their network. The project is currently in BETA and I’m searching for administrators which have the possibility to test the functions of the new project in a test network environment. Unfortunately I’m currently not able to disclose more information about the new project. If you are a network operator of a large network and you willing to support abuse.ch, please contact me using the contact form.
Back to the main topic: Below is a list of new features on ZeuS Tracker.
- ZT now records the time how long a ZeuS host is up (uptime)
- ZeuS Tracker now tracks FakeURLs used by the ZeuS Crimeware
- The monitor page now displays the HTTP status code returned by the ZeuS URLs (200, 404 etc)
- If available, the monitor page displays the hostname for a ZeuS host
- Added Virustotal support for ZeuS binaries
- ZT now provides the Builder versions with which the ZeuS config files have been created
- Added Google Maps to the ZT IP page
- Added IP- and domain blocklist for Squid, iptables and Windows Host file
- ZeuS Tracker cron script has been fully rewritten
- The cron script now runs in threaded mode (faster in checking ZeuS hosts)
- Statistic page now displays some additional statistics (Spamhaus SBL stats, Builder versions etc).
Additionally, I’ve made a huge ZeuS Tracker database cleanup and removed old and non-resolving hosts.
Automated binary submissions to the AV industry
ZeuS Tracker now supports the AV industry by submitting new ZeuS binaries to the AV vendors as soon as they appear on the ZeuS Tracker. I’ve made special agreements with some of the AV vendors listed below which have give the ZeuS Tracker direct access to their Sandbox systems. Some of the AV vendors are doing a great job which makes it possible that a new pattern is being released just a few minutes after ZT submitted the binary to the sandbox (using reputation based detection systems).
Currently, the following AV vendors receive a real time binary feed from ZeuS Tracker:
- Trend Micro
I hope you enjoy the new features of ZeuS Tracker!
PS: I’m currently searching a sponsorship for a SSL certificate for the ZeuS Tracker. If you are able to provide a SSL Certificate to ZeuS Tracker I would love if you contact me using the contact form. Any help would be appreciated!