ZeuS is a banking trojan designed to steal money from online bank users' accounts. It became so big that it resulted in one of the biggest FBI operations ever.
Sponsors
Support for this show comes from Axonius. Securing assets — whether managed, unmanaged, ephemeral, or in the cloud — is a tricky task. The Axonius Cybersecurity Asset Management Platform correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action. Axonius gives IT and security teams the confidence to control complexity by mitigating threats, navigating risk, decreasing incidents, and informing business-level strategy — all while eliminating manual, repetitive tasks. Visit axonius.com/darknet to learn more and try it free.
Support for this show comes from Keeper Security. Keeper Security is an enterprise password management system. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And it takes less than an hour to deploy across your organization. Get started by visiting keepersecurity.com/darknet.
Sources
- https://www.wired.com/2017/03/russian-hacker-spy-botnet/
- https://www.cbsnews.com/news/evgeniy-mikhailovich-bogachev-the-growing-partnership-between-russia-government-and-cybercriminals-60-minutes/
- https://cert.pl/uploads/docs/2013-06-p2p-rap_pl.pdf
- https://www.nytimes.com/2017/03/12/world/europe/russia-hacker-evgeniy-bogachev.html
- https://www.forbes.com/sites/thomasbrewster/2015/08/05/gameover-zeus-surveillance-links/?sh=5fa0822c7b36
- https://www.infoworld.com/article/2608714/the-zeus-botnet-and-the-making-of-a-cyber-crime-market.html
- https://www.ibtimes.co.uk/gameover-slavik-cybercrime-kingpin-behind-zeus-malware-1451095
- https://www.theguardian.com/technology/2016/apr/21/hackers-jailed-over-spyeye-virus-that-robbed-bank-accounts-worldwide
- https://krebsonsecurity.com/2016/04/spyeye-makers-get-24-years-in-prison/
- https://krebsonsecurity.com/wp-content/uploads/2016/04/bx1-gribboSM.pdf
- https://www.justice.gov/usao-ndga/victim-witness-assistance/information-victims-large-cases/united-states-v-panin
- https://krebsonsecurity.com/2012/03/microsoft-takes-down-dozens-of-zeus-spyeye-botnets/
- https://docs.microsoft.com/en-us/archive/blogs/microsoft_blog/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets
- https://www.zeuslegalnotice.com/
- https://krebsonsecurity.com/2012/05/microsoft-to-botmasters-abandon-your-inboxes/
- https://www.wired.com/2012/03/microsoft-botnet-takedown/
- https://www.justice.gov/opa/pr/us-leads-multi-national-action-against-gameover-zeus-botnet-and-cryptolocker-ransomware
- https://www.justice.gov/iso/opa/resources/2162014411104532407242.pdf
- https://www.justice.gov/opa/pr/nine-charged-conspiracy-steal-millions-dollars-using-zeus-malware
- https://www.justice.gov/sites/default/files/opa/legacy/2014/06/02/pittsburgh-indictment.pdf
- https://www.justice.gov/opa/press-release/file/1223591/download
- https://en.wikipedia.org/wiki/Maksim_Yakubets
- https://www.fbi.gov/wanted/cyber/maksim-viktorovich-yakubets
- https://www.newyorker.com/news/news-desk/how-hacking-became-a-professional-service-in-russia
- https://www.bbc.co.uk/news/world-us-canada-53195749
- https://www.f5.com/labs/articles/education/banking-trojans-a-reference-guide-to-the-malware-family-tree
- https://www.csoonline.com/article/3624736/the-evolution-of-cybercrime-as-a-service.html
- https://abcnews.go.com/Technology/AheadoftheCurve/story?id=5515042&page=1
- https://www.shadowserver.org/news/gameover-zeus-cryptolocker/
- https://www.secureworks.com/research/the-lifecycle-of-peer-to-peer-gameover-zeus
- https://www.secureworks.com/blog/operation-tovar-dell-secureworks-contributes-to-efforts-targeting-gameover-zeus-and-cryptolocker
- https://krebsonsecurity.com/2014/06/operation-tovar-targets-gameover-zeus-botnet-cryptolocker-scourge/
- https://www.justice.gov/archives/opa/documents-and-resources-gameover-zeus-cryptolocker-press-conference
- https://itsecurity.org/category/dridex/
- https://www.gobankingrates.com/banking/banks/history-online-banking/
- https://www.theregister.com/2017/06/06/russia_cyber_militia_analysis/
- https://www.kaspersky.com/blog/the-big-four-banking-trojans/2956/
- https://en.wikipedia.org/wiki/Zeus
- https://www.cl.cam.ac.uk/~rnc1/configuringzeus.pdf
- https://www.trendmicro.com/vinfo/it/security/news/cybercrime-and-digital-threats/online-banking-trojan-brief-history-of-notable-online-banking-trojans
- https://eu.usatoday.com/story/cybertruth/2014/02/05/lessons-capture-spyeye-mastermind/5182697/
- https://www.bloomberg.com/news/features/2015-06-18/the-hunt-for-the-financial-industry-s-most-wanted-hacker
- https://www.secureworks.com/research/zeus
- https://docs.apwg.org//reports/APWG_GlobalPhishingSurvey_2H2009.pdf
- https://web.archive.org/web/20191105152729/https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/security-response-zeus-king-of-bots-09-en.pdf
- https://www.itnews.com.au/news/avalanche-botnet-moves-from-distributing-spam-to-zeus-lures-236490
- https://www.csoonline.com/article/2125833/malware-cybercrime-ach-fraud-why-criminals-love-this-con.html
- https://www.theregister.com/2008/09/05/rock_phish_and_asprox_team_up/
- https://www.theregister.com/2015/08/06/100m_business_gang_foxit_report/
- https://www.securityweek.com/gameover-zeus-gang-leader-engaged-espionage-researchers
- https://www.baselinemag.com/c/a/Security/Inside-Rock-Phishing/1
- https://www.computerworld.com/article/2536753/rock-phish-gang-adds-second-punch-to-phishing-attacks.html
- https://www.cl.cam.ac.uk/~rnc1/ecrime07.pdf
- https://www.justice.gov/archive/usao/nys/pressreleases/September10/operationachingmulespr%20FINAL.pdf
- https://www.markmonitor.com/download/wp/wp-rockphish.pdf
- https://web.archive.org/web/20120612224604/http://www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf
- https://web.archive.org/web/20101007064930/http://www.fbi.gov/page2/oct10/cyber_100110.html
- https://web.archive.org/web/20101006025503/http://www.fbi.gov/pressrel/speeches/snow100110.htm
- https://www.worldhistory.org/zeus/
- https://botnetlegalnotice.com/citadel/files/Guerrino_Decl_Ex1.pdf
- http://www.usatodayeducate.com/wp-content/uploads/cyber_az.pdf
- https://web.archive.org/web/20130324121654/http://blogs.rsa.com/organized-cybercrime-nefarious-sophistication-featuring-zeus-v2-1-0-10/
- https://www.cryptomathic.com/hubfs/docs/cryptomathic_white_paper-2fa_for_banking.pdf
- https://en.wikipedia.org/wiki/Avalanche_(phishing_group)
- https://news.softpedia.com/news/Planted-Malware-Leaves-Kentucky-County-Short-of-415-000-115820.shtml
- http://voices.washingtonpost.com/securityfix/2009/07/an_odyssey_of_fraud_part_ii.html
- https://www.blackhat.com/docs/us-15/materials/us-15-Peterson-GameOver-Zeus-Badguys-And-Backends-wp.pdf
- https://www.technologyreview.com/2010/02/23/205791/rise-of-the-point-and-click-botnet/
- https://www.theguardian.com/us-news/2015/feb/24/us-highest-ever-cybercrime-reward-evgeniy-bogachev
- https://www.secureworks.com/research/bankingprg
- https://www.presentica.com/doc/11451212/highly-resilient-peer-to-peer-botnets-are-here-an-analysis-of
- https://securityledger.com/2021/08/connecting-the-dots-the-kremlins-links-to-cyber-crime/
- https://web.archive.org/web/20101125232037/http://www.netwitness.com/resources/pressreleases/feb182010.aspx
- https://techguy.org/history/
- https://www.secureworks.com/research/prgtrojan
- https://www.secureworks.com/blog/trojans-20817
- https://www.pcworld.com/article/503602/article-2891.html
- https://www.fbi.gov/news/stories/gameover-zeus-botnet-disrupted
- https://www.justice.gov/sites/default/files/opa/legacy/2014/05/30/declaration.pdf
- https://nautil.us/issue/66/clockwork/the-100-million-bot-heist
- https://krebsonsecurity.com/2015/02/fbi-3m-bounty-for-zeus-trojan-author/
- https://slate.com/technology/2014/06/evgeniy-bogachev-gameover-zeus-cryptolocker-how-the-fbi-shut-down-two-viruses.html
- https://krebsonsecurity.com/2015/08/inside-the-100m-business-club-crime-gang/
Videos
- Microsoft and Financial Industry Battle the Zeus Botnets
- Deputy Attorney General Press Conference for Gameover Zeus and Cryptolocker Operations
- FBI offers $3m reward for GameOver Zeus creator Russian hacker Evgeniy Bogachev
- Fox News Philadelphia 10pm - Anthony Mongeluzo Pro Computer Service - ZeuS Botnet
- GameOver Zeus Badguys And Backends
- HAR 2009 The ZeuS evolution 1/6
- ZeuS Trojan Warning
Attribution
Darknet Diaries is created by Jack Rhysider.
Episode artwork by odibagas.
Audio cleanup by Proximity Sound.
Theme music created by Breakmaster Cylinder. The theme song is available to listen to and download on Bandcamp, or listen to it on Spotify.
Equipment
Recording equipment used this episode was the Shure SM7B, Zoom Podtrak P4, Sony MDR7506 headphones, and Hindenburg audio editor.
Transcript
[START OF RECORDING]
JACK: When you put your money in the bank, you do it for safekeeping, right? I mean, you need to collect it somewhere, and under your mattress doesn’t seem like the best idea, so we use bank accounts. Our paychecks go into it, and we pay our bills from it. We can take cash out or transfer money to someone else. Yeah, it’s all pretty easy, because now we can do all this online. Before, we had to go into a local branch and wait in a queue and get the bank teller to do what we needed. It was a bit time-consuming and a little boring, but not anymore. Now, we can just log into our bank account via the bank’s website and yeah, just go ahead and do whatever we need and then log out again. Now there are apps for cell phones so that you can just do it on the go. You don’t even have to be home anymore to check your bank balance or pay bills. All this stuff is going digital, which makes it easier for us to use. The problem with that though is that it’s not just easier for customers to use; it also means it’s easier for criminals to rob banks. [MUSIC] Let’s be honest about it; millions of bank accounts, from standard personal accounts to big business accounts, all just sitting behind a login screen, and that’s just a flashing beacon for hackers that have an eye for financial fraud. Back in the mid-2000s, online banking had only been around for a few years. It was Wells Fargo in 1995 who was the first bank to offer internet banking to its customers, and their customers loved it.