I will just give you a short overview here about the function and the idea behind the abuse.ch ZeuS Tracker.
What is ZeuS?
For those which are reading my blog frequently you will know this trojan from my previous posts. For all others: ZeuS is a crimeware kit, which steals credentials for various online services like social networks, online banking accounts, ftp accounts, email accounts and other. The trojan is also known as Zbot and WSNPoem.
How to get infected?
The ZeuS trojan spears on email as well via Drive-By infections (using toolkits like LuckySploit, El fiesta and so on).
What is the abuse.ch ZeuS Tracker?
The abuse.ch ZeuS Tracker provides you the possiblity to track ZeuS Command & Control servers (C&C). The tracker captures and track the ZeuS hosts aswell as the associated config files, binaries and dropezones. The main focus is to provide system administrators the possiblity to block well-known ZeuS hosts and avoid ZeuS infections in their networks. Therefore you can download a ZeuS domain blocklist and a ZeuS IP blocklist. Additionally the ZeuS Tracker should help CERTs and ISPs to track malicious ZeuS hosts in their networks / countries.
Where can I find the ZeuS Tracker
You can find the ZeuS Tracker on https://zeustracker.abuse.ch (It’s on https, not http).
What is the ZeuS blocklist?
The ZeuS blocklist lists all ZeuS hosts which are currently beeing tracket on the ZeuS tracker. The blocklist is available on the ZeuS Tracker webpage. Additionally, the domains are included in the Malware Domain List (MDL).
- The ZeuS Tracker is currently in BETA. So if you have any problems or further ideas please let me know (contact).
- Don’t be affright, there are currently over 200 ZeuS hosts which are beeing tracked by the ZeuS Tracker.
- You can submit new ZeuS hosts to the ZeuS Tracker using the submit form.
- A RSS feed for the ZeuS Tracker is available (Subscribe to ZeuS Tracker RSS feed).