Botnet with integrated copy protection
The current version of the ZeuS botnet uses classical copy protection mechanisms to prevent the use of unlicensed pirate copies. ZeuS is a malware toolkit used, for instance, to steal online banking data. The basic version currently costs about $3,000 to $4,000.
Security firm SecureWorks has discovered that the ZeuS server only works with a system specific key. Similar to the Windows OS, the malware creates a kind of fingerprint of the respective hardware configuration when first started. The vendor then provides the user with a personalised licence key for this configuration.
The ZeuS server is responsible for controlling the botnet. It communicates with the infected computers – the bots –, it receives the data they provide and issues commands, etc. The client software injected on victims' systems of course does not require a licence key. Extensive division of labour has existed in the malware scene for some time. Many gangs use the professional ZeuS software which is modular and can – for a fee – be extended to include, for instance, different Windows versions or browsers. By using a licence management system, the product has reached a new level of professionalism.
- Microsoft takes legal action against botnet, a report from The H.
- Spy versus spy, a report from The H.