Zeus Trojan's protection mechanism bypassed using publicly available hacking tools

Aug 8, 2014 22:45 GMT  ·  By

A security researcher reverse-engineered a Zeus sample received via a phishing email and managed to catch the scammer on camera.

Raashid Bhatt describes his method of tracing and taking control of the cybercriminal's command and control panel using tools developed by other security researchers.

Bhatt provides a technical presentation of the actions leading to the image capture of the perpetrator. His endeavor started with IDA Pro, a disassembler and debugger, and then he worked his way to unpacking the malware binary and bypassing the protection mechanisms.

To gain access to the malware's control panel, the researcher took advantage of a tool created by Xylitol for exploiting a publicly known vulnerability in some Zeus variants.

Then he deployed "webcam_snap", a script in the Metasploit hacking tool that grabs a picture with the computer's built-in camera, and patiently waited for the crook to connect to the administration panel. Once the scammer logged in, the webcam took a picture and saved it on the target machine.

Bhatt had the malware sample delivered via an email, as an attachment posing as an image. The body of the message was designed to lure the potential victim into opening the attached file by claiming that someone from the victim's office had been found dead outside.

This is not the best example of a scam, but even so, the curiosity to see the picture may be too hard to resist, and users may still fall for the deceit.