Detecting adware/rootkit w/ DeepTide Malware IDS
Posted Tuesday, April 4, 2010 » 2:23AM EST by c0ldshadow

My friend recently got some nasty adware on his computer that installed a rootkit and hooked into Google Chrome's processes in order to commit click fraud. We tried 4 different malware scanning applications -- and 3 different antivirus programs -- to no avail. Then we used DeepTide Malware IDS and were able to determine the IP addresses the malware was connecting to, as Malware Domain List had the IPs in its database. We Googled the IP addresses and were able to determine the adware variant and a specific tool for removing it -- ComboFix. DeepTide Malware IDS got the assist, ComboFix got the goal. This is a quintessential example of how DeepTide Malware IDS can be useful. It doesn't fix the problem, but gives clues which may be the first of several steps required to find the problem and then fix it.

DeepTide Malware IDS v1.0 and Compressed NTFS File Decompressor v4.0 Released!
Posted Tuesday, December 1, 2009 » 10:26PM EST by c0ldshadow

DeepTide Malware IDS v1.0 released. Compressed NTFS File Decompressor v4.0 released. Both must be run with administrative rights to work properly (right-click and choose "Run as administrator"). It should be noted that DeepTide Malware IDS acts like an IDS (Intrusion Detection System), not an IPS (Intrusion Prevention System): an IDS only reports suspicious activity, whereas an IPS actively blocks it. Alerts generated by the software do not mean you are infected for sure. For example, you could have simply browsed to a malicious Web site that resolves to a malware IP. An alert could also be generated by browsing to a legitimate site that had been compromised and injected with malicious JavaScript attempting to download malicious code from a malware IP. Any alert requires a little investigation or analysis to determine the root cause. Seeing a lot of alerts while not browsing the Internet, especially repeated alerts from a process that is not your browser, is a stronger sign of a possible infection. Google the IP addresses in the alerts for additional information and use tools like Process Explorer, TCPView and Wireshark to hunt down the process responsible. The purpose of DeepTide Malware IDS is to let you know when something suspicious is going on; finding the root cause of the alerts may require some investigation and research.
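To make the IDS-versus-triage distinction above concrete, here is an added example (my own illustration, not DeepTide's code or anything from its author): the detection step is nothing more than matching each outbound connection's remote IP against a blocklist, and the triage step is the judgement the post describes, a single hit from the browser is "go check what page you were on", while repeated hits from a non-browser process in a short window is "go look at that process". The blocklist, process names, window size, threshold and the connection log are all constructed for the example (the IPs are RFC 5737 documentation addresses, not real malware IPs); in practice you would feed in a real list such as Malware Domain List and connections captured with TCPView or netstat.

```python
"""Match outbound connections against a malware-IP list, then triage the hits.

Added example; not DeepTide's own code. Every constant below is constructed.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed blocklist (RFC 5737 documentation ranges, not real malware IPs).
BLOCKLIST = {"192.0.2.10", "198.51.100.7", "203.0.113.99"}

# Processes whose hits are plausibly "the user browsed somewhere bad".
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}

# Triage verdicts.
CHECK_BROWSER = "browser hit: check the site you visited (may be a compromised page)"
INVESTIGATE = "repeated beaconing from a non-browser process: investigate it"
REVIEW = "isolated hit from a non-browser process: review the process"

# Constructed connection log: "timestamp pid process remote_ip:port".
SAMPLE_LOG = """\
2010-04-04T01:00:03 1234 chrome.exe 192.0.2.10:80
2010-04-04T01:00:09 1234 chrome.exe 192.0.2.50:443
2010-04-04T01:12:41 2088 svchost.exe 198.51.100.7:8080
2010-04-04T01:13:02 2088 svchost.exe 198.51.100.7:8080
2010-04-04T01:14:19 2088 svchost.exe 203.0.113.99:443
2010-04-04T01:15:00 2088 svchost.exe 198.51.100.7:8080
"""


class Conn(NamedTuple):
    ts: datetime
    pid: int
    process: str
    ip: str
    port: int


def parse_log(text):
    """Parse the constructed log format; reject lines with garbage IPs."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, pid, proc, endpoint = line.split()
        ip, port = endpoint.rsplit(":", 1)
        ipaddress.ip_address(ip)  # raises ValueError if not an IP
        conns.append(Conn(datetime.fromisoformat(ts), int(pid), proc.lower(), ip, int(port)))
    return conns


def match_blocklist(conns, blocklist):
    """The IDS step: every connection to a listed IP is an alert, nothing is blocked."""
    return [c for c in conns if c.ip in blocklist]


def max_in_window(hits, window):
    """Largest number of alerts that fall inside any sliding time window (hits sorted by ts)."""
    best, start = 0, 0
    for end in range(len(hits)):
        while hits[end].ts - hits[start].ts > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def triage(alerts, browsers=BROWSERS, window=timedelta(minutes=10), threshold=3):
    """The analyst step: group alerts per process and apply the post's heuristics.

    window/threshold are assumed values chosen for the example, not tuned figures.
    """
    by_proc = defaultdict(list)
    for a in alerts:
        by_proc[(a.pid, a.process)].append(a)
    verdicts = {}
    for key, hits in by_proc.items():
        hits.sort(key=lambda c: c.ts)
        burst = max_in_window(hits, window)
        if burst >= threshold:
            verdicts[key] = INVESTIGATE  # beaconing, regardless of process name
        elif key[1] in browsers:
            verdicts[key] = CHECK_BROWSER
        else:
            verdicts[key] = REVIEW
    return verdicts


if __name__ == "__main__":
    hits = match_blocklist(parse_log(SAMPLE_LOG), BLOCKLIST)
    for (pid, proc), verdict in triage(hits).items():
        ips = sorted({h.ip for h in hits if h.pid == pid})
        print(f"{proc} (pid {pid}) -> {ips}: {verdict}")
```

On the sample log this flags chrome.exe once (a single blocklisted hit, worth checking the page but not proof of infection) and svchost.exe four times in under three minutes (the pattern that justifies pulling out Process Explorer, TCPView and Wireshark). The threshold on a burst rather than on a raw count is deliberate: a handful of alerts spread over a day from a browser is ordinary web use, while the same number inside a few minutes from a service process looks like a beacon.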

Welcome to DeepTide.com
Posted Sunday, November 22, 2009 » 11:28PM EST by c0ldshadow

Stay tuned for DeepTide Malware IDS v1.0...