The Zeus Crimeware Kit – An Insidious Threat
Highlights from a Prolexic DDoS Threat Advisory
©2014 AKAMAI | FASTER FORWARD™

DDoS Attack Threats: Zeus Crimeware Kit Threat Advisory (Akamai presentation)


Malicious actors using the Zeus Crimeware gain control over, and access to information on, infected host computers, including smartphones and tablets. For example, the attacker can request a screenshot of all displayed content on a host device, which could reveal sensitive information. In addition, the attacker can force the host to download and run remote and local files, or inject code to change how a webpage is displayed by the host’s browser. Find out more about this DDoS threat in the full Prolexic Zeus Crimeware Kit Threat Advisory, available at http://bit.ly/1sp1X40

Published in: Business

  1. The Zeus Crimeware Kit – An Insidious Threat: Highlights from a Prolexic DDoS Threat Advisory

  2. What is Zeus?
     • Zeus is the most used and most effective crimeware kit ever observed by the Internet security community
     • First appeared in late 2007, primarily used to steal banking credentials from infected computers
     • Focus has recently shifted to infecting and controlling zombie computers, with the ability to inject executable payloads and bot malware into infected computers

  3. Why is Zeus So Dangerous?
     • Requires extremely little skill for attackers to use – setting it up and generating a payload is accomplished with a simple GUI
     • Can be combined with other attack tools that are used as Zeus payloads
     • Has a very high level of control over infected computers
     • Can exfiltrate large quantities of information, up to and including screenshots and passwords

  4. Why is Zeus so Dangerous (continued)
     • Zeus payloads are extremely stealthy – infected hosts may never realize they’ve been zombified
     • Uses a number of powerful techniques to evade detection
        • Hidden files
        • Obfuscated content
        • Disables firewalls directly
        • Distributed, random communication
     • Antivirus detection rate is estimated at only 39 percent

  5. Zeus Commands: What Zeus Can Do

  6. Cloud Services at Risk
     • Lately, the Zeus framework has targeted Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS) infrastructures
     • SaaS/PaaS instances allow attackers to exploit the extensive bandwidth and processing power of cloud vendors
     • PLXSert has observed well-known cloud-services vendor IPs among the sources of many DDoS attacks

  7. The Webinjects Configuration
     • Webinjects is an insidious Zeus capability used to attack specific cloud services
     • Zeus can inject custom code into websites and apps as the browser displays them
     • Tricks users into providing personal information or sensitive credentials

  8. What You Can Do to Mitigate This Threat
     • Zeus is mainly a client-based vector, spread by tricking users into running programs that infest their computer.
     • Organizational security policies and user education are crucial
     • Learn how to prevent, detect, and remove Zeus infections
     • Write Snort rules for Zeus traffic
     • Further details on detection and mitigation are available in the full threat advisory

  9. Threat Advisory: Zeus Crimeware Framework
     • Download the threat advisory, Zeus Crimeware Kit
     • The threat advisory includes mitigation details for enterprises, such as:
        • Origins and variations
        • How the kit works
        • Indicators of infestation
        • The process of infection
        • Remote command execution
        • A lab simulation showing its power and threat
        • Recommended mitigation

  10. About Prolexic (now part of Akamai)
     • We have successfully stopped DDoS attacks for more than a decade
     • Our global DDoS mitigation network and 24/7 security operations center (SOC) can stop even the largest attacks that exceed the capabilities of other DDoS mitigation service providers
