This latest one has been singled out by Avira's researcher simply because the malware variant has been signed with a digital certificate issued to the company - or so it may seem at first glance.
Upon closer inspection, one can notice that something is wrong:
"Microsoft Windows shows a note 'A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider'," points out the researcher. "Don’t misunderstand that message – it means that this certificate is not created by Avira GmbH and therefore it’s not a stolen certificate."
This is not the first time that a Zeus variant has been discovered hiding behind a seemingly legitimate digital certificate - last time, Zeus peddlers used the digital signature for a Kaspersky tool designed to clean computers from precisely that Trojan family.