Differences

en:information_technology:the_zeus_malware_incident [2020-05-09 13:13] – external edit 127.0.0.1en:information_technology:the_zeus_malware_incident [2023-02-23 23:54] (current) – Tags updated. Heikki
Line 1: Line 1:
 ====== The ZeuS malware incident ====== ====== The ZeuS malware incident ======
  
-<wrap info>This report was written in 2014, latest update 2017-10-22. [[:fi:tietotekniikka:zeus_haittahohjelma_koneella|Summary in Finnish]].</wrap>+<WRAP info>This report was written in 2014, latest update 2017-10-22. [[:fi:tietotekniikka:zeus_haittahohjelma_koneella|Summary in Finnish]].</WRAP>
  
 My Windows 7 desktop computer was hit by [[http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS_has_come_enhanced_with_Tor|ZeuS malware]] or some variant of it. It wasn't detected by virus scanners and so it lived on the computer at least over a month, maybe much longer. Here is the full story. My Windows 7 desktop computer was hit by [[http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_bit_ZeuS_has_come_enhanced_with_Tor|ZeuS malware]] or some variant of it. It wasn't detected by virus scanners and so it lived on the computer at least over a month, maybe much longer. Here is the full story.
Line 41: Line 41:
   * Why ZeuS caused TCP socket flooding that finally made you detect it? I assume that this happened because of some sort of malfunction on ZeuS or because of the fact that I had an active firewall that blocked the sockets causing ZeuS to open more and more sockets. But all this is purely speculation. I was lucky to have that TCP socket flooding happening. Without it I might have been running ZeuS like forever. It is also possible that this ZeuS variant was just acting annoying on purpose. But I think this is unlikely: nowdays malware is mostly to do something beneficial without getting noticed by the user, not to act annoying and dropping network connections.   * Why ZeuS caused TCP socket flooding that finally made you detect it? I assume that this happened because of some sort of malfunction on ZeuS or because of the fact that I had an active firewall that blocked the sockets causing ZeuS to open more and more sockets. But all this is purely speculation. I was lucky to have that TCP socket flooding happening. Without it I might have been running ZeuS like forever. It is also possible that this ZeuS variant was just acting annoying on purpose. But I think this is unlikely: nowdays malware is mostly to do something beneficial without getting noticed by the user, not to act annoying and dropping network connections.
  
-{{tag>IT 2013 2014 2017 Tor malware virus ZeuS Opera svchost Windows}}+{{tag>it 2013 2014 2017 malware virus windows}}
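Review bot: the tag line drops `ZeuS`, `Tor`, `Opera` and `svchost` (and lowercases `IT` and `Windows`), yet the report body at Line 1 and Line 41 still centres on ZeuS and links to the "64-bit ZeuS ... enhanced with Tor" write-up, so anyone browsing the wiki's tag index for the malware family or for Tor-related incidents will no longer reach this page; keep at least the family name and Tor in the new lowercase set, e.g. `{{tag>it 2013 2014 2017 malware virus windows zeus tor}}`, and state in the edit summary why the `Opera` and `svchost` tags were considered no longer relevant.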