ファイアウォールの新たなゼロデイ脆弱性が話題になっています。ファイアウォールやVPNについて不安をお持ちの場合は、Zscalerの特別オファーをご活用ください。

Zscalerのブログ

Zscalerの最新ブログ情報を受信

購読する
製品およびソリューション

When Zombie Botnets Attack!

image
CLINTON KARR
2月 04, 2014 - 2 分で読了

The Zbot botnet continues to raise its ugly head, according to recent research from Zscaler ThreatLabZ. Check out the ThreatLabZ blog post for the full technical analysis. The ultimate goal of Zbot is to harness infected machines to send ad traffic, at times more than 2 Mbps, fraudulently earning ad revenue for the botnet owner.

Image

Zbot maintains persistence by deleting itself once it is run, in order to hinder detection efforts. Next, Zbot establishes a Security Task in Winows, so that even if it is removed it will be reinstalled upon reboot. Finally, Zbot disables key Windows processes, including Safe Boot, to make remediation more difficult.

Once Zbot has established persistence, it communicates with its command and control server (C&C), periodically receiving GET requests to ensure the infected machine is still online. This traffic presents the best avenue for detection. Users may notice a slowdown of Internet traffic and network administrators can monitor for anomalious traffic patterns.

While Zbot may be difficult to detect and remediate on an end user's machine, the fact that it sends as much as 2 Mbps of traffic from an infected machine makes it easier to identify from a networking perspective. Information security neither begins nor ends with the end user nor with networking, but rather the sum of its parts. To adequately protect against these threats, information security and networking teams must be aligned to obtain a comprehensive view of enterprise network traffic.

form submtited
お読みいただきありがとうございました

このブログは役に立ちましたか?

dots pattern

Zscalerの最新ブログ情報を受信

このフォームを送信することで、Zscalerのプライバシー ポリシーに同意したものとみなされます。