Differences

This shows you the differences between two versions of the page.

en:information_technology:the_zeus_malware_incident [2020-05-09 13:13] – external edit 127.0.0.1
en:information_technology:the_zeus_malware_incident [2023-02-20 23:37] – external edit 127.0.0.1
Line 1: Line 1:
 ====== The ZeuS malware incident ====== ====== The ZeuS malware incident ======
  
-<wrap info>This report was written in 2014, latest update 2017-10-22. [[:fi:tietotekniikka:zeus_haittahohjelma_koneella|Summary in Finnish]].</wrap>+<WRAP info>This report was written in 2014, latest update 2017-10-22. [[:fi:tietotekniikka:zeus_haittahohjelma_koneella|Summary in Finnish]].</WRAP>
  
 My Windows 7 desktop computer was hit by [[http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS_has_come_enhanced_with_Tor|ZeuS malware]] or some variant of it. It wasn't detected by virus scanners and so it lived on the computer at least over a month, maybe much longer. Here is the full story. My Windows 7 desktop computer was hit by [[http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS_has_come_enhanced_with_Tor|ZeuS malware]] or some variant of it. It wasn't detected by virus scanners and so it lived on the computer at least over a month, maybe much longer. Here is the full story.
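Review bot: the change from `<wrap info>` to `<WRAP info>` on the report-date line is not just a case fix; in the DokuWiki wrap plugin the lowercase `<wrap>` renders inline (a span) while uppercase `<WRAP>` renders as a block (a div), so the info notice now becomes a full-width box on its own line. That is probably what a standalone notice should be, but confirm the rendered page looks as intended, since nothing in the change description mentions the layout effect.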
Line 41: Line 41:
   * Why ZeuS caused TCP socket flooding that finally made you detect it? I assume that this happened because of some sort of malfunction on ZeuS or because of the fact that I had an active firewall that blocked the sockets causing ZeuS to open more and more sockets. But all this is purely speculation. I was lucky to have that TCP socket flooding happening. Without it I might have been running ZeuS like forever. It is also possible that this ZeuS variant was just acting annoying on purpose. But I think this is unlikely: nowdays malware is mostly to do something beneficial without getting noticed by the user, not to act annoying and dropping network connections.   * Why ZeuS caused TCP socket flooding that finally made you detect it? I assume that this happened because of some sort of malfunction on ZeuS or because of the fact that I had an active firewall that blocked the sockets causing ZeuS to open more and more sockets. But all this is purely speculation. I was lucky to have that TCP socket flooding happening. Without it I might have been running ZeuS like forever. It is also possible that this ZeuS variant was just acting annoying on purpose. But I think this is unlikely: nowdays malware is mostly to do something beneficial without getting noticed by the user, not to act annoying and dropping network connections.
  
-{{tag>IT 2013 2014 2017 Tor malware virus ZeuS Opera svchost Windows}}+{{tag>it 2013 2014 2017 tor malware virus zeus opera svchost windows}}
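Review bot: lowercasing every tag (`IT` to `it`, `ZeuS` to `zeus`, `Tor` to `tor`, and so on) changes the visible tag labels on the page. If the tag plugin normalizes case when indexing, the change is cosmetic; if it does not, this page is split off from any other pages still tagged with the capitalized forms. Either way, a one-line summary on the edit would have made the intent (consistency with other pages' lowercase tags, presumably) clear.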