Zemra Bot Code Released

Monday, July 9, 2012 @ 02:07 PM gHale


Source code for the Zemra Trojan, which cyber crooks are already using for distributed denial-of-service (DDoS) attacks, is currently circulating online.

In contrast to the widely distributed Zeus bot, the source code for which is also available online, Zemra is very new. It has only been available to purchase from underground forums since May this year and malicious parties are currently using it against organizations for the purpose of extortion, said researchers at security provider Symantec.

RELATED STORIES
Google: No New Android Spam Botnets
Botnet Masters Busted
Botnet Infects 6 Million Systems
Lulzsec Member Plead Guilty

So far, the only anti-virus solution able to detect the bot is Symantec’s.

Symantec said the crimeware pack is not currently very widespread. However, the availability of the source code means this could rapidly change, since anyone can now modify the bot for their own ends. This is not especially hard as Zemra uses C# programming language. The source code should be comprehensible to anyone with basic programming skills, and new functionality can add in with relative ease.

The basic version, works just fine for most of the criminals. As well as various types of DDoS attacks, Zemra can also download and run malicious programs from the web on command.

It can also open a SOCKS proxy on an infected computer, allowing the bot herder to utilize the victim’s Internet connection for any purposes. Zemra is also able to spread via USB flash drives. Another bonus is encrypted communication between the bot and the PHP-based command-and-control server, which also is a part of the deal.



Leave a Reply

You must be logged in to post a comment.