Gorillas

ZeuS Botnet aticiinsaat org ZeuS 2.0.8.9 banking trojan botnet hosted on aticiinsaat.org - 159.253.36.219 (Turkey) aticiinsaat.org. 8878 IN A 159.253.36.219 Domain Name:ATICIINSAAT.ORG Domain ID: D171358345-LROR Creation Date: 2014-03-11T11:26:47Z Updated Date: 2014-05-11T03:46:02Z Registry Expiry Date: 2015-03-11T11:26:47Z Sponsoring Registrar:PDR Ltd. d/b/a PublicDomainRegistry.com (R27-LROR) inetnum:        159.253.36.0 - 159.253.36.255 remarks:        INFRA-AW netname:        NETINTERNET Admin login:   Home: 70 bots (many CN, mixed world installs) 13k reports OS Stats: We still see WinXP as top OS, however Win7 and Win7 64bit are catching up. This machine had another ZeuS/Citadel on it as well. You can see it calling home to the gate.php (This botnet is offline now too) Example of banking credentials being stolen from a victim. Note the HTTPS in the url. TLS/SSL does not help here. ZeuS malware has hooked the brows...