Security researchers compromised what they believed to be a control server for the Zeus botnet, but after examining it in detail, they concluded that it was a fake, designed to let botmasters spy on security researchers' tactics and plan countermeasures.
What particularly stands out about the EFTPS exploit toolkit is its admin interface. Note that it's common for most exploit toolkits to contain an admin interface that manages exploits, payloads, and tracks exploit success rates. However, the EFTPS exploit toolkit contains a completely fake admin console. This admin interface acts as a "hacker honeypot" that records detailed information about who attempted to access the admin console, as well as who attempted to hack into it. The fake login system conveniently accepts default/easily guessed credentials and common SQL injection strings… Finally, notice that the user can also upload "new bot" malware, which is also logged. This should serve as a warning to researchers: don't always believe what you see on these stats pages…
Statistics Don't Lie… Or Do They?
(via The Inquirer)