Everybody loves the ZeuS Tracker – even the bad guys…
Today a friend over at PhishLabs contacted me regarding a Fake-AV software (also known as “Rogue Antivirus” or “Scareware”) which obviously uses the ZeuS Tracker's name to gain a good reputation and to promote the product. The software is called Shield EC and is being sold through the website www.[dot]shieldec[dot]com:
When you read the first sentence on their website you will be pretty surprised:
Shield EC is a result of two-year research and close collaboration of programmers and analysts from Martindale Enterprises LTD and Zeus Tracker, the main center for ZeuS epidemic prevention.
… and in the “About the company” section:
The major achievements of the company count a joint development with ZeuS Tracker of a unique anti virus Shield EC, targeted at fighting banking Zbot (ZeuS) Trojan.
The cybercriminals are using two domain names to spread their rogue security software:
The two mentioned domain names are hosted on the Avalanche FastFlux botnet, which has also been used for a long time to host malicious ZeuS C&C servers:
Reference: abuse.ch FastFlux Tracker
There is a list of ZeuS C&C domain names hosted on the Avalanche FastFlux botnet available on the ZeuS Tracker:
Reference: List of ZeuS domains hosted on Avalanche FastFlux botnet
Of course the ZeuS Tracker would never cooperate with any criminal organization. The promoted software is 100% rogue so please stay away from it!
I’m very excited today to announce that Arbor Networks, one of the leading vendors providing DDoS Protection and Network Security world-wide, has added a fingerprint to their Peakflow product family to help Internet Service Providers (ISPs) and companies around the world monitor, mitigate and protect against malicious ZeuS C&C botnet traffic within their networks. The fingerprint provided by Arbor is being generated in cooperation with the ZeuS Tracker.
If you are a network administrator and your company is running Arbor Peakflow, you can simply activate the fingerprint using Arbor’s Active Threat Feed (ATF) policies.