0day - zeusovertor

1.  
2. Why Z0t?
3. ------------------
4. EXTREME RESILIENCE
5. ------------------
6. Zeus Over Tor cannot be shut down by Spamhaus or Zeus-Tracker or any methods currently employed by organizations hell bent on removing the zeus threat. It can't be shut down because you cannot find the ip address of the hosting from the hidden service address and so thus cannot report to the hosting company that you are indeed hosting malware. Furthermore Zeus Over Tor does not require you to register a domain, you have a hidden service address and as such you can easily move your botnet within one hour and your hidden service domain cannot be shut down because with hidden service there is no domain registration. The domain is generated dynamically when you create your hidden service. This feature alone makes Zeus Over Tor the most resilient and easy to maintain financial malware currently available on the market, bar none.
7. ==========================================================
8. Sphinx is tested and working on WinXP, Win7, Win8, Win8.1, Windows10. Internet, Firefox And Chrome Latest versions tested -- 11.02.2016
9. ------------------------------------------
10. In Depth Analasys of Zeus By British Media
11. ------------------------------------------
12. [youtube]https://www.youtube.com/watch?v=DUnZMwXCkyw[/youtube]
13. https://www.youtube.com/watch?v=DUnZMwXCkyw
14. MAN IN THE BROWSER PART 1
15.  
16. [youtube]https://www.youtube.com/watch?v=14TZOjG97EM[/youtube]
17. https://www.youtube.com/watch?v=14TZOjG97EM
18. MAN IN THE BROWSER PART 2
19.  
20. -------------------------------------------------------------------
21. Vice Documentary On Fraud In The UK - (Zeus is inevitably the source of many of the details acquired and used to commit fraud based in this documentary)
22. -------------------------------------------------------------------
23. [youtube]https://www.youtube.com/watch?v=lA4R84xfLOQ[/youtube]
24. https://www.youtube.com/watch?v=lA4R84xfLOQ
25. Vice - How To Get Away With Stealing
26.  
27.  
28. ================================================================
29. Zeus0verTor trojan is coded in C++ based on ZeuS source-code. It
30. operates fully through the Tor network using Tor hidden service. Zeus0verTor
31. is immune to sinkholing, blacklisting and ZeuS tracker.
32.  
33. :: Malware:
34. - Formgrabber and Webinjects for latest Internet Explorer, Mozilla
35. Firefox, Google Chrome and Tor Browser with cookie grabber fo IE and transparent page
36. redirect(Webfakes).
37. - Backconnect SOCKS, VNC.
38. - Socks 4/4a/5 with UDP and IPv6 support
39. - FTP, POP3 grabber
40. - Certificate grabber
41. - Keylogger
42. - Installation
43.  
44.  
45.  
46. Backconnect VNC - WinXp, VIsta: https://vimeo.com/147444171
47.  
48. It allows you to make money transfers right from your victims computer. Your VNC is
49. done on a different desktop than victim is using so its completely
50. hidden. You can steal money from bank while victim is playing
51. multiplayer games or watching movies. Forget about configuring browser,
52. because when carding with Zeus0verTor you don't need to. With Backconnect
53. VNC you can also remove anti-virus/rapport software from victim. Port-
54. forwarding for victim is not required due to use of Reverse connection.
55.  
56. Backconnect SOCKS:
57. Use your victims as a SOCKS proxy. Port-forwarding is not required due
58. to use of Reverse connection.
59.  
60. Webinjects:
61. Used for speeding up report gathering. With Webinjects you can change
62. the content of website and ask more information. You can do such things
63. as asking for credit-card data from victims PayPal/Amazon/Ebay/Facebook
64. for successful login. Webinjects use ZeuS format.
65.  
66. Webfakes:
67. Used to do phishing attacks without having to trick victim in to going
68. in to a fake domain. When configured for bankofamerica, user will be
69. transparently redirected to your phish site without changing url.
70.  
71. Installation:
72. At the moment, the bot is primarily designed to work under Vista/Seven,
73. with enabled UAC, and without the use of local exploits. Therefore the
74. bot is designed to work with minimal privileges (including the user
75. "Guest"), in this regard the bot is always working within sessions per
76. user (from under which you install the bot.). Bot can be set for each
77. use in the OS, while the bots will not know about eachother. When you
78. run the bot as "LocalSystem" user it will attempt to infect all users
79. in the system.
80.  
81. When you install, bot creates its copy in the user's home directory,
82. this copy is tied to the current user and OS, and cannot be run by
83. another user, or even more OS. The original copy of the same bot (used
84. for installation), will be automatically deleted, regardless of the
85. installation success.
86.  
87.  
88. :: Webpanel:
89. Zeus0verTor uses the same familiar Zeus command and control panel
90.  
91. Features:
92. - XMPP notification
93. - Statistics
94. - Botlist
95. - Scripts
96.  
97. XMPP notification:
98. You can receive notifications from the Control Panel in the Jabber-
99. account.
100.  
101. At the moment there is a possibility of receiving notifications about a
102. user entering a defined HTTP/HTTPS-resources. For example, it is used
103. to capture user session in an online bank.
104.  
105. Scripts:
106. You can control the bots by creating a script for them.
107.  
108. Statistics:
109. - Number of infected computers.
110. - Current number of bots that are online.
111. - The number of new bots.
112. - Daily activity of bots.
113. - Statistics by OS.
114.  
115. -------------------------
116. -------------------------
117.  
118.  
119. PRICE: $500 Per Bin --- New version pending upon which price will sharply rise - [NOTE] The builder is not for sale. [NOTE]
120. ======================================================
121. If you wish to setup your server ask us for the panel files before purchase.
122. ------------------------------------------------------------------
123. If you wish for us to setup your server:
124. PRICE: 100$ --- Fresh Servers Only. We can provide a server for you if you wish this will take 12 hours. We appreciate your kindness in not asking our sales & tech guys for free tech support and server setup. All sales are final and we do not give refunds for reasons of customers not being able to setup their servers and wanting free setup. A free tutorial will be provided to each customer for windows server setup, if setup is required we can do this for the price stated above.
125.  
126.  
127. We also provide traffic and exploit kit if needed.
128.  
129. I thank you for your patience in reading & welcome to Zeus0verTor. The future in financial malware.
130. Zeus0verTor Demo panel and bot
131. ---------------------------------------------
132. http://6araahcqgbaebwcs.onion/cp.php?m=login
133. ---------------------------------------------
134. user: alphabay
135. pass: alphabay
136. ------------------------------------------------------------------------------
137. Here is the link for the uncrypted bot:https://www.sendspace.com/file/yyme62
138. ------------------------------------------------------------------------------
139. This is a demonstration panel and uncrypted executable of Zeus0verTor for public use.
140. --------------------------------------------------------------------------------------
141.  
142. ==============================
143. Jabber: zeusovertor@exploit.im - Sales Support & Tech
144. z0t_support@exploit.im - Lead Sales
145. z0t_support@siph0n.pw - Sales
146. ==============================