Via ThreatExpert Blog -
The ZeuS 2.0 kit release introduces a few tricks designed to complicate the analysis of its configuration files.
Apart from the randomized side effects that the new trojan leaves on a system, including its ability to morph in order to avoid hash-based detections (well, hash-based detections never worked against ZeuS anyway, given the sheer volume and frequency of the generated samples and the variety of packers used), it seems that this time great care was taken in protecting its configuration files.
The trojan now uses more layers in order to decrypt its configuration files.
Shrek: Onions have layers. Ogres have layers... You get it? We both have layers.
Donkey: Oh, you both have layers..
[...]
To assist those researchers who need to decrypt and analyze the contents of the ZeuS 2.0 configuration files, the ZeusDecryptor tool is available for download here.