
Untitled

a guest
Mar 8th, 2016
  1. Visa Sphinx Trojan---Zeus Over Tor
  2. [Image: 56bd00ac08074.png]
  3.  
  4. Why Z0t?
  5. ------------------
  6. EXTREME RESILIENCE
  7. ------------------
  8. Zeus Over Tor cannot be shut down by Spamhaus or Zeus-Tracker or any methods currently employed by organizations hell bent on removing the Zeus threat. It can't be shut down because you cannot find the IP address of the hosting from the hidden service address and so cannot report to the hosting company that it is indeed hosting malware. Furthermore, Zeus Over Tor does not require you to register a domain: you have a hidden service address, and as such you can easily move your botnet within one hour, and your hidden service domain cannot be shut down because with a hidden service there is no domain registration. The domain is generated dynamically when you create your hidden service. This feature alone makes Zeus Over Tor the most resilient and easy to maintain financial malware currently available on the market, bar none.
  9. ==========================================================
  10. Sphinx is tested and working on WinXP, Win7, Win8, Win8.1, Windows10. Internet, Firefox And Chrome Latest versions tested -- 11.02.2016
  11. ------------------------------------------
  12. In Depth Analysis of Zeus By British Media
  13. ------------------------------------------
  14. [youtube]https://www.youtube.com/watch?v=DUnZMwXCkyw[/youtube]
  15. https://www.youtube.com/watch?v=DUnZMwXCkyw
  16. MAN IN THE BROWSER PART 1
  17.  
  18. [youtube]https://www.youtube.com/watch?v=14TZOjG97EM[/youtube]
  19. https://www.youtube.com/watch?v=14TZOjG97EM
  20. MAN IN THE BROWSER PART 2
  21.  
  22. -------------------------------------------------------------------
  23. Vice Documentary On Fraud In The UK - (Zeus is inevitably the source of many of the details acquired and used to commit fraud based in this documentary)
  24. -------------------------------------------------------------------
  25. [youtube]https://www.youtube.com/watch?v=lA4R84xfLOQ[/youtube]
  26. https://www.youtube.com/watch?v=lA4R84xfLOQ
  27. Vice - How To Get Away With Stealing
  28.  
  29.  
  30. ================================================================
  31. Zeus0verTor trojan is coded in C++ based on ZeuS source-code. It
  32. operates fully through the Tor network using Tor hidden service. Zeus0verTor
  33. is immune to sinkholing, blacklisting and ZeuS tracker.
  34.  
  35. :: Malware:
  36. - Formgrabber and Webinjects for latest Internet Explorer, Mozilla
  37. Firefox, Google Chrome and Tor Browser with cookie grabber for IE and transparent page
  38. redirect(Webfakes).
  39. - Backconnect SOCKS, VNC.
  40. - Socks 4/4a/5 with UDP and IPv6 support
  41. - FTP, POP3 grabber
  42. - Certificate grabber
  43. - Keylogger
  44. - Installation
  45.  
  46.  
  47.  
  48. Backconnect VNC - WinXP, Vista: https://vimeo.com/147444171
  49.  
  50. It allows you to make money transfers right from your victim's computer. Your VNC is
  51. done on a different desktop than the victim is using so it's completely
  52. hidden. You can steal money from bank while victim is playing
  53. multiplayer games or watching movies. Forget about configuring browser,
  54. because when carding with Zeus0verTor you don't need to. With Backconnect
  55. VNC you can also remove anti-virus/rapport software from victim. Port-
  56. forwarding for victim is not required due to use of Reverse connection.
  57.  
  58. Backconnect SOCKS:
  59. Use your victims as a SOCKS proxy. Port-forwarding is not required due
  60. to use of Reverse connection.
  61.  
  62. Webinjects:
  63. Used for speeding up report gathering. With Webinjects you can change
  64. the content of website and ask more information. You can do such things
  65. as asking for credit-card data from victim's PayPal/Amazon/Ebay/Facebook
  66. for successful login. Webinjects use ZeuS format.
  67.  
  68. Webfakes:
  69. Used to do phishing attacks without having to trick victim into going
  70. to a fake domain. When configured for bankofamerica, user will be
  71. transparently redirected to your phish site without changing url.
  72.  
  73. Installation:
  74. At the moment, the bot is primarily designed to work under Vista/Seven,
  75. with enabled UAC, and without the use of local exploits. Therefore the
  76. bot is designed to work with minimal privileges (including the user
  77. "Guest"), in this regard the bot is always working within sessions per
  78. user (from under which you install the bot.). Bot can be set for each
  79. use in the OS, while the bots will not know about each other. When you
  80. run the bot as "LocalSystem" user it will attempt to infect all users
  81. in the system.
  82.  
  83. When you install, bot creates its copy in the user's home directory,
  84. this copy is tied to the current user and OS, and cannot be run by
  85. another user, or even more OS. The original copy of the same bot (used
  86. for installation), will be automatically deleted, regardless of the
  87. installation success.
  88.  
  89.  
  90. :: Webpanel:
  91. Zeus0verTor uses the same familiar Zeus command and control panel
  92.  
  93. Features:
  94. - XMPP notification
  95. - Statistics
  96. - Botlist
  97. - Scripts
  98.  
  99. XMPP notification:
  100. You can receive notifications from the Control Panel in the Jabber-
  101. account.
  102.  
  103. At the moment there is a possibility of receiving notifications about a
  104. user entering a defined HTTP/HTTPS-resources. For example, it is used
  105. to capture user session in an online bank.
  106.  
  107. Scripts:
  108. You can control the bots by creating a script for them.
  109.  
  110. Statistics:
  111. - Number of infected computers.
  112. - Current number of bots that are online.
  113. - The number of new bots.
  114. - Daily activity of bots.
  115. - Statistics by OS.
  116.  
  117. -------------------------
  118. -------------------------
  119.  
  120.  
  121. PRICE: $500 Per Bin --- New version pending upon which price will sharply rise - [NOTE] The builder is not for sale. [NOTE]
  122. ======================================================
  123. If you wish to setup your server ask us for the panel files before purchase.
  124. ------------------------------------------------------------------
  125. If you wish for us to setup your server:
  126. PRICE: 100$ --- Fresh Servers Only. We can provide a server for you if you wish this will take 12 hours. We appreciate your kindness in not asking our sales & tech guys for free tech support and server setup. All sales are final and we do not give refunds for reasons of customers not being able to setup their servers and wanting free setup. A free tutorial will be provided to each customer for windows server setup, if setup is required we can do this for the price stated above.
  127.  
  128.  
  129. We also provide traffic and exploit kit if needed.
  130.  
  131. I thank you for your patience in reading & welcome to Zeus0verTor. The future in financial malware.
  132.  
  133.  
  134. Zeus0verTor Demo panel and bot
  135. ---------------------------------------------
  136. http://6araahcqgbaebwcs.onion/cp.php?m=login
  137. ---------------------------------------------
  138. user: alphabay
  139. pass: alphabay
  140. ------------------------------------------------------------------------------
  141. Here is the link for the uncrypted bot:https://www.sendspace.com/file/yyme62
  142. ------------------------------------------------------------------------------
  143. This is a demonstration panel and uncrypted executable of Zeus0verTor for public use.
  144. --------------------------------------------------------------------------------------
  145.  
  146. ==============================
  147. Jabber: zeusovertor@exploit.im - Sales Support & Tech
  148. z0t_support@exploit.im - Lead Sales
  149. z0t_support@siph0n.pw - Sales
  150. ==============================