johnni_doe
Member
Hello, venerable carders.
I assume that with the leak of the Zeus 2.0.8.9 source code many have attempted to play with the code. For many of us it makes no sense to buy expensive bullet-proof hosting services before we have a working and fully undetectable Zeus binary configured to work with our specific IP address. I have attempted to set up a typical web server on my computer and see if Zeus 2.0.8.9 source code can produce anything workable. So far I have been unsuccessful. The produced binary seems to infect the computer but it does not show up in the control panel for some reason.
I suggest we join forces together and share ideas to produce something that will be of benefit to everyone here on the forum.
So, my setup is as follows:
Zeus 2.0.8.9 source code + included builder
WAMP server (MySQL+PHP+Apache)
Zend Optimizer module
VMWare running Windows XP Pro.
Firefox browser
I installed the Wamp server inside the VMWare machine and put it online. (You might have to be connected to the internet or your router to be able to browse to the 127.0.0.1 interface. I think this is some WAMP peculiarity) Next, I copied the ZeuS control panel files on the server, puting everything in a separate folder, so that the address of the control panel is http://127.0.0.1/zeus/cp.php
I then proceeded to set up the MySQL database for the botnet. Once that was done I installed the controll panel by following the instructions of the install script. The encryption key was 123456. The installation completed successfully without any errors.
The next step was to build the binary file. I reconfigured the config.bin file to force the bot to connect to http://127.0.0.1/zeus/gate.php and look for the config file in http://127.0.0.1/zeus/config.bin. The encryption key was again 123456 to mach the one from the control panel. The build completed successfully. I then executed the new bot file on the computer. It just dissapeard from its location folder. Computer infected!!! (I ran a virus scan later on and it reported the Zeus variant running on the computer) But then when I go to the control panel there is nothing there. I tried to reboot the computer to see if it finally shows up in the control panel, but without success. I also played with the settings in the panel to display the behind NAT/outside NAT, online/offline bots settings. But again without success.
So far I am stuck. The problem may lie in my particular setup being on localhost or the fact that I have both the contol server and the infected machine is one and the same computer.
Can anyone share some ideas? I intend on putting more information here in this thread as I progress towards a working Zeus setup a.k.a. public variant.
I assume that with the leak of the Zeus 2.0.8.9 source code many have attempted to play with the code. For many of us it makes no sense to buy expensive bullet-proof hosting services before we have a working and fully undetectable Zeus binary configured to work with our specific IP address. I have attempted to set up a typical web server on my computer and see if Zeus 2.0.8.9 source code can produce anything workable. So far I have been unsuccessful. The produced binary seems to infect the computer but it does not show up in the control panel for some reason.
I suggest we join forces together and share ideas to produce something that will be of benefit to everyone here on the forum.
So, my setup is as follows:
Zeus 2.0.8.9 source code + included builder
WAMP server (MySQL+PHP+Apache)
Zend Optimizer module
VMWare running Windows XP Pro.
Firefox browser
I installed the Wamp server inside the VMWare machine and put it online. (You might have to be connected to the internet or your router to be able to browse to the 127.0.0.1 interface. I think this is some WAMP peculiarity) Next, I copied the ZeuS control panel files on the server, puting everything in a separate folder, so that the address of the control panel is http://127.0.0.1/zeus/cp.php
I then proceeded to set up the MySQL database for the botnet. Once that was done I installed the controll panel by following the instructions of the install script. The encryption key was 123456. The installation completed successfully without any errors.
The next step was to build the binary file. I reconfigured the config.bin file to force the bot to connect to http://127.0.0.1/zeus/gate.php and look for the config file in http://127.0.0.1/zeus/config.bin. The encryption key was again 123456 to mach the one from the control panel. The build completed successfully. I then executed the new bot file on the computer. It just dissapeard from its location folder. Computer infected!!! (I ran a virus scan later on and it reported the Zeus variant running on the computer) But then when I go to the control panel there is nothing there. I tried to reboot the computer to see if it finally shows up in the control panel, but without success. I also played with the settings in the panel to display the behind NAT/outside NAT, online/offline bots settings. But again without success.
So far I am stuck. The problem may lie in my particular setup being on localhost or the fact that I have both the contol server and the infected machine is one and the same computer.
Can anyone share some ideas? I intend on putting more information here in this thread as I progress towards a working Zeus setup a.k.a. public variant.
