GameOver Zeus is one of the most famous Trojan Remote Administration Tools; it infected many servers between 2007 and 2010.
The Zeus botnet was used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It spreads mainly through drive-by downloads and phishing schemes. It was first identified in 2007, when it was used to steal information from the US Department of Transportation. By 2009 it had become more widespread. The security company “Prevx” discovered that it had compromised over 74 thousand FTP accounts on the sites of organizations such as Bank of America, Monster.com, NASA, Oracle, ABC, Cisco, Amazon, BusinessWeek and Play.com.
In 2010, some internet security vendors, including Internet Identity and McAfee, claimed that its creator had said he was retiring and had given the source code and all rights to sell it to his biggest competitor, the creator of the SpyEye Trojan. Some of the same experts, however, warned that the retirement was a ruse and expected the cracker to come back with some new tricks. By 2013, the source code and compiled binaries were found to be hosted on GitHub.
- Web server + database.
- Remote administration tool (RAT) Zeus BotNet.
How to install Zeus BotNet Remote Administration Tool (Tutorial)
- First, you need to install a web server and database server. We are going to use XAMPP.
- Open the browser and type in http://localhost/phpmyadmin. Enter the username and password. The default username is “root”; leave the password field empty. After this, create a new database. We named it “bot”, but this can be changed to whatever one prefers. This database is used for the installation of the RAT.
- After this, download its file and extract it; you will find 3 main folders: builder, other and server [php]. Create a new folder inside C:\xampp\htdocs. We named it bot. Copy the server [php] contents into C:\xampp\htdocs\bot.
- Go back to the web browser and type in http://localhost/bot/install there in the address bar. Fill the required field with the correct information.
What you need to know about Zeus Malware and Virus Creator
- Host address for MySQL filled with database server IP address. If you are running XAMPP then it should be the IP address.
- The database field is filled with the name of the database which we have already created.
- Encryption key to be filled with any characters with length from 1-255.
Note: If you see the following error:
Error: Failed connect to MySQL server. Host “youruserthatyouset” is not allowed to connect to this MySQL server”
Here is what you’ll need:
- Open PHPMyAdmin http://localhost/phpmyadmin, click the “privilege” tab, select the “edit” button to edit root user privileges.
- On the edit user page, go down and find in the login information section, change host from localhost to any host, hit the “Go” button.
- It shall have the following preview on successful installation:
- After this, you need to configure and create its bot client. For this, open the “builder” folder and open the config.txt configuration file. Change the url_config, url_loader and url_server settings according to the required setup.
Note: Make sure to edit the path of webinjects.txt.
- Next, you need to open the zsb.exe file.
- Now we have two new files, config.bin and bot.exe; copy both into the htdocs folder. Ours was inside C:\xampp\htdocs\bot.
- If we send the generated bot.exe to the victim, then after he executes the file we can check our attacker server. Open the browser and type in http://localhost/bot/cp.php, then enter the username and password.
- We could see a new infected victim there in the web interface and also view a desktop screenshot of the victim.
Once the victim is infected, the attacker can gather information from the victim, including internet activities, and even collect usernames and passwords for all sites, as this tool can act as a keylogger and capture login information.
To prevent the attack, make sure to update your OS and anti-virus and do not click on any link which looks suspicious in your mail or chat messenger.
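For defenders, the file names used in the walkthrough above (config.bin, bot.exe, cp.php) can serve as a simple hunting heuristic over web proxy logs. The following is an added example, not code from the original page or from the malware; the log format, the sample lines and the function names are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit
import posixpath

# File names taken from the walkthrough on this page. Operators can rename
# them, so a hit is a hunting lead, not proof of infection.
SUSPECT_NAMES = {
    "config.bin": "bot configuration fetch",
    "bot.exe": "bot binary download",
    "cp.php": "control panel access",
}

# Constructed sample proxy log: timestamp, client IP, method, URL, status.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 GET http://example.test/bot/config.bin 200
2024-01-01T10:00:02Z 10.0.0.5 GET http://example.test/bot/bot.exe 200
2024-01-01T10:00:07Z 10.0.0.9 GET http://example.test/docs/config.binary.html 200
2024-01-01T10:01:00Z 10.0.0.7 GET http://example.test/BOT/CP.PHP?m=home 200
2024-01-01T10:02:00Z 10.0.0.9 GET http://example.test/index.html 200
malformed line
"""

def classify(url):
    """Return the reason a URL is suspect, or None if it is not."""
    # Compare only the final path component, case-insensitively, so that
    # query strings and look-alike names (config.binary.html) do not match.
    name = posixpath.basename(urlsplit(url).path).lower()
    return SUSPECT_NAMES.get(name)

def hunt(log_text):
    """Map each client IP to the sorted list of reasons it was flagged."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip lines that do not fit the assumed format
            continue
        _ts, client, _method, url, _status = fields
        reason = classify(url)
        if reason:
            hits[client].add(reason)
    return {client: sorted(reasons) for client, reasons in hits.items()}

if __name__ == "__main__":
    for client, reasons in hunt(SAMPLE_LOG).items():
        print(client, "->", ", ".join(reasons))
```

A client that fetches both the configuration and the binary is a stronger lead than a single hit and is worth prioritising for endpoint triage.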
How Zeus Botnet is infecting PCs, Smartphones and Servers
With two primary methods:
- Spam messages.
- Drive-by downloads.
The spam messages usually come in the form of email, but there have also been campaigns designed to spread malware via messages and postings on social media sites. Once someone clicks on the link in the mail or message, they are directed to a site that installs malware automatically. As the malware is adept at stealing login credentials, it can at times be configured to steal social media and email credentials, enabling the botnet to send spam messages from trustworthy sources and greatly expand its reach.
Drive-by downloads occur when attackers are able to corrupt legitimate sites, inserting their malicious code into a site that the user trusts. Malware is then installed when the user visits the site or when he downloads and installs a benign program.
How to stay safe and remove Zeus
The first step to protecting yourself is safe internet practices. This means avoiding sites that are dangerous, like the ones which offer illegal free software, adult material, or illegal downloads, as the owners of such sites have no problem allowing malware owners to host their software on the website. Being safe also means not clicking on links in email or social media messages unless you are expecting them.
Even if the message is from a trustworthy source, it can still be malicious if that source is itself infected. We also recommend reading our guide to staying safe from malware and knowing when you are infected.
Be safe when you are interacting with financial institutions online. Use two-factor authentication, in which the website sends a confirmation code to a mobile device to confirm the login. Keep in mind, though, that some offshoots of Zeus have also infected mobile devices, so this type of authentication should not be seen as a cure-all.
A powerful, updated anti-virus solution is a must-have, as these solutions not only protect the user from visiting unsafe sites where they might encounter the Trojan but can also detect it when it downloads, tries to install or tries to run. Moreover, these solutions can scan the system and remove malware if it already exists on your machine. This is why you should keep your PC safe and clean of malicious files.
There are many anti-virus solutions out there, a number of which offer a free trial period. It is important to select one from an industry leader that updates its solutions on a regular basis. The fact that the source code is public means that there will be no end to the damage this malware can cause, and every few years you can expect new versions of it to arise. Only a security vendor that is vigilant against new threats has what it takes to protect one from this in the future.
In a few years it has come a long way, infecting millions of systems around the globe in a short period of time. Though the original maker might not be running it any longer, its code is online and is constantly being talked about. As it is improved over time, it becomes a new threat day by day.
Disclaimer: Only use this tool on systems and devices you have full permission to do so on. It is shared here solely for educational, research and informational purposes only. We will not be responsible for any damage you cause by using it.
Download GameOver Zeus Botnet RAT (Source Code)
One of the most powerful and destructive RAT tools ever to be released. It caused a lot of disruption to companies and individuals. Various agencies and departments around the world have been working together to take it down. However, you can download Zeus Botnet RAT and malware creator for your own informational and educational uses.