Security researchers compromised what they believed to be a control server for the Zeus botnet, but after examining it in detail, they concluded that it was a fake, designed to allow botmasters to spy on security researcher tactics and plan countermeasures.
What particularly stands out about the EFTPS exploit toolkit is its admin interface. Note that it’s common for most exploit toolkits to contain an admin interface that manages exploits, payloads, and tracks exploit success rates. However, the EFTPS exploit toolkit contains a completely fake admin console. This admin interface acts as a “hacker honeypot” that records detailed information about who attempted to access the admin console, as well as who attempted to hack into it. The fake login system conveniently accepts default/easily guessed credentials and common SQL injection strings…Finally, notice that the user can also upload “new bot” malware, which is also logged. This should serve as a warning to researchers: don’t always believe what you see on these stats pages…
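The following is an added example, not code from the toolkit or from the researchers' write-up: a minimal decoy login of the kind described above, which labels each attempt, "accepts" the weak ones, and records who made it. The credential list, patterns, names and sample addresses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed list of default / easily guessed pairs (assumption).
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"),
                 ("root", "root"), ("admin", "123456")}

# Constructed patterns for common SQL injection probes in a login field.
SQLI_PATTERNS = [
    re.compile(r"'\s*or\s+.+=", re.I),              # ' OR '1'='1
    re.compile(r"\bunion\b.+\bselect\b", re.I),     # UNION SELECT ...
    re.compile(r"'.*(--|#|/\*)"),                   # quote then comment marker
]

def classify(username, password):
    """Label one login attempt: 'sqli', 'default_credentials' or 'other'."""
    for value in (username, password):
        if any(p.search(value) for p in SQLI_PATTERNS):
            return "sqli"
    if (username.lower(), password) in DEFAULT_CREDS:
        return "default_credentials"
    return "other"

@dataclass
class DecoyLogin:
    """Fake login: lets weak or injected logins 'succeed' and logs everything."""
    log: list = field(default_factory=list)

    def attempt(self, src_ip, username, password):
        label = classify(username, password)
        accepted = label != "other"   # only guessable or injected input gets in
        self.log.append({"src": src_ip, "user": username,
                         "label": label, "accepted": accepted})
        return accepted

def demo():
    decoy = DecoyLogin()
    samples = [  # constructed attempts from documentation address ranges
        ("192.0.2.10", "admin", "admin"),
        ("198.51.100.7", "admin' OR '1'='1", "x"),
        ("203.0.113.5", "alice", "S3cure#Pass"),
    ]
    return [decoy.attempt(*s) for s in samples], decoy.log

if __name__ == "__main__":
    results, log = demo()
    for entry in log:
        print(entry)
```

Because the page behind such a login is served only to visitors who guessed or injected their way in, whatever statistics it shows are chosen by the operator, which is the point of the warning above.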