Zeus Trojan has Self-Destruct Option
From Brian Krebs at The Washington Post:
One of the scarier realities about malicious software is that these programs leave ultimate control over victim machines in the hands of the attacker, who could simply decide to order all of the infected machines to self-destruct. Most security experts will tell you that while this so-called “nuclear option” is an available feature in some malware, it is hardly ever used. Disabling infected systems is counterproductive for attackers, who generally focus on hoovering as much personal and financial data as they can from the PCs they control.
But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.
This is bad. I see it as a sign that the botnet wars are heating up, and botnet designers would rather destroy their networks than have them fall into “enemy” hands.
kashmarek • May 11, 2009 12:47 PM
It appears that we (someone with the wherewithal to do so) can recognize members of a botnet. So, why don’t we shut them down, or cut them off from access to their network, or just run their output into the bit bucket? Are those bots more important left alive? Are some of our government agencies running these botnets? Shut ’em down!