Zeus Botnet Server Fakes an Arrest to Learn How Security Researchers Work

Security researchers claimed a major hit when they stumbled on the control server of the Zeus botnet. What they did not know was that the control panel of the server they discovered was a reverse learning process: a way for the botnet masters to learn the methods of security researchers!

The admin interface used by the Zeus botnet server has two distinct levels of access and visibility. For those trying weak password guesses and SQL injections on the database, the database allows fake access and takes them to a fake control panel that works pretty much like a real one. In reality, the only thing that happens in this admin panel is that their activities are recorded. Another feature of the fake admin panel is that visitors can also upload their own bots. This fake admin panel provides a considerable amount of security for the botnet.

This botnet security is the first of its kind. It has taught me a very good lesson. Security does not all have to be implemented in a single layer. The user interface is itself considerably important for security. If a seemingly secure UI (user interface) can lure researchers into believing in security, then by reverse psychology we can create user interfaces that have some level of security integrated into them.
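The two-tier access idea described above, applied defensively to a legitimate admin login, as an added example that is not from the original post or from the Zeus panel. The weak-password list, the injection pattern, the account data and all function and class names are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field

# Constructed sample data: guesses an intruder is likely to try (assumption).
WEAK_PASSWORDS = {"admin", "password", "123456", "letmein"}
# Crude signature for SQL injection probes in a login field (assumption, not
# exhaustive; a real password containing a quote is still checked first below).
SQLI_PATTERN = re.compile(r"('|--|;|/\*|\b(or|union|select)\b)", re.IGNORECASE)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Real accounts: username -> (salt, PBKDF2 hash). Constructed for the example.
_SALT = b"constructed-salt"
REAL_USERS = {"ops": (_SALT, _hash("c0rrect-horse-battery", _SALT))}

@dataclass
class Session:
    user: str
    tier: str                                  # "real" or "decoy"
    audit: list = field(default_factory=list)  # recorded activity

    def act(self, action: str) -> str:
        # Every action is recorded; the decoy tier never touches real state.
        self.audit.append((self.tier, self.user, action))
        if self.tier == "decoy":
            return f"OK: {action}"             # looks like success, changes nothing
        return f"APPLIED: {action}"

def login(username: str, password: str):
    """Return a real Session, a decoy Session, or None for a plain denial."""
    record = REAL_USERS.get(username)
    if record and hmac.compare_digest(_hash(password, record[0]), record[1]):
        return Session(username, "real")
    # Probe-like input gets a monitored decoy panel instead of an error page.
    probe = any(SQLI_PATTERN.search(f) for f in (username, password))
    if probe or password.lower() in WEAK_PASSWORDS:
        return Session(username, "decoy")
    return None
```

The decoy session's `audit` list is the part that matters to a defender: it holds everything the intruder attempted while believing the login had worked.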


Published by

Chinmoy Kanjilal
