New ZeuS Botnet No Longer Needs Central Command Servers 137
c0mpliant writes "Researchers at Symantec have identified a new variant of the ZeuS botnet which no longer requires a Command and Control server. The new variant uses a P2P system, which means that each bot acts like a C&C server, but none of them really are. The effect of which is that takedowns of such a network will be extremely difficult because there is no one central source to attack."
Re:They still need a C&C (Score:5, Informative)
If my understanding is correct, the entire Zeus network now communicates amongst itself. There's no intermediate sites, IRC channels, twitter accounts, etc.
This also means that any infected machine can act as the C&C. If that machine gets taken down, all the zeus authors need to do is use another node and keep going. It'll be extremely difficult to trace where the commands are genuinely coming from unless they happen to have access to the C&C server that originally sent the command, then hope that some sort of trail has been left - not an easy task, really