The Zeustracker site provides up to date information on the overall Zbot threat. It’s very well put together and a great source of information. The spyware is especially concerning, not because of sophisticated delivery techniques (the kit includes commodity exploits), but because of the effectiveness of the payload’s functionality: “The trojan tries to steal credentials for online services (like ebanking accounts, facebook and other online services).”
Unfortunately, we’ve seen hosted Zeus services that can be leased out, and for a while their revenues must have disappointed their owners. But with C&C servers distributed all over the world, we can surmise that the efforts are sustaining themselves.
We’ve also seen the Zeus kit used to attack users all over the globe for banking information, and the tracker site mirrors much of the prevented activity in the ThreatFire community. The c&c are distributed all over the globe, and the activity has been fairly high over the past six months.
Click on the Zbot label below for earlier posts and links to Dancho Danchev’s posts on Zeus.