Yesterday I came across a post on Sunbelt’s Blog concering bots which have a build in function to destroy the computers operating system (OS). The Sunbelt Blog reference to a blog post on the S21sec Blog:
Last week I received a copy from a ZeuS C&C server for analysis (53’878’694 records in database / 155GB) . The C&C server was hosting about 5 different ZeuS installations controlling more than 100â€²000 computers, mainly located in Poland and Spain.
I was just shocked as I saw that the ZeuS C&C was sending out the ZeuS command kos:
But what is “kos”? The kos command is used by ZeuS to destroy the operating system (kill Operating System). From ZeuS help file (translated with Google):
So what happened? The Operating System of every infected client which was connected to one of the malicious ZeuS C&Cs has been destroyed. That are about 100’000 affected computers!
Yeah, that happens when a Botmaster goes really mad…