Zeus variants are back with a vengeance
Posted on 24.05.2013
After analyzing the feedback from the company's Smart Protection Network, Trend Micro researchers have noted an upswing in attempted Zeus / Zbot Trojan infections.

After being practically non-existent in January, every month up until the beginning of May has witnessed a continuous rise in the number of attempted Zeus/Zbot Trojan infections, Trend Micro researchers pointed out.

The main goal of the malware is the same as before: stealing any type of online credentials, including those used for online banking, and any kind of personal information that might be of use to criminally-minded individuals.

Still, the newer variants have been changed a bit (not that it ultimately matters much to the victims).

They now create two different folders on the system: one to stash a copy of themselves, and the other to host the stolen and encrypted information and the configuration file they download from a remote server. What was previously put in one folder in Windows' %System% folder is now in two random-named folders in the %Application Data% folder.

"Zbot malware of this generation are found to be mostly either Citadel or GameOver variants. Unlike earlier versions, the mutex name is randomly generated," the researchers pointed out. "Both variants send DNS queries to randomized domain names. The difference in the GameOver variant is that it opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names."
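The two behaviours described above (random-named folders under the user's Application Data directory and DNS queries to random-looking domains) are the kind of thing a defender can triage from endpoint and DNS telemetry. The script below is an added example written for this article, not Trend Micro's detection logic; the event format, the allowlist of common Roaming folders and the sample telemetry are all constructed assumptions, and the "looks random" test is a simple heuristic, not a signature.

```python
import re

VOWELS = set("aeiou")
# Constructed allowlist of folders normally present under %AppData%\Roaming (assumption).
KNOWN_ROAMING_DIRS = {"microsoft", "mozilla", "adobe", "google"}
ROAMING_RE = re.compile(r"\\AppData\\Roaming\\([^\\]+)\\", re.IGNORECASE)


def looks_random(label: str) -> bool:
    """Heuristic: does a DNS label or folder name look machine-generated?
    Flags very few vowels, a long consonant run, or letters mixed with digits."""
    s = label.lower()
    letters = [c for c in s if c.isalpha()]
    if len(s) < 6 or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    runs = re.findall(r"[b-df-hj-np-tv-z]+", s)
    longest_run = max((len(r) for r in runs), default=0)
    mixed_digits = any(c.isdigit() for c in s) and len(letters) >= 3
    return vowel_ratio < 0.2 or longest_run >= 5 or mixed_digits


def registrable_label(fqdn: str) -> str:
    """Label left of the TLD (naive: does not handle multi-part suffixes like co.uk)."""
    parts = fqdn.rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def flag_events(events):
    """Return one line per event that matches either behaviour described in the article."""
    hits = []
    for ev in events:
        if ev["type"] == "dns":
            label = registrable_label(ev["query"])
            if looks_random(label):
                hits.append(f"dns: {ev['query']} (random-looking label '{label}')")
        elif ev["type"] == "file_create":
            m = ROAMING_RE.search(ev["path"])
            if m and m.group(1).lower() not in KNOWN_ROAMING_DIRS and looks_random(m.group(1)):
                hits.append(f"file: {ev['path']} (random-looking folder '{m.group(1)}')")
    return hits


# Constructed sample telemetry; none of these names are real indicators.
SAMPLE_EVENTS = [
    {"type": "dns", "query": "update.microsoft.com"},
    {"type": "dns", "query": "qwxzkjhvpla.com"},
    {"type": "dns", "query": "x8k2ml0qz.net"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Recent\a.lnk"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Xkqzwf\svchost.exe"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Pvbjdr\config.bin"},
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE_EVENTS):
        print(hit)
```

Heuristics like this produce false positives on legitimate CDN hostnames and vendor folders, so treat a hit as a lead for correlation with the process that created the folder or issued the query, not as a verdict.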

Configuration files are, as usual, subject to change depending on which information the attackers want to steal, and the malware still tries to prevent browsers from being able to visit security sites.

"What we can learn from ZeuS / Zbot’s spike in recent months is simple: old threats like Zbot can always make a comeback because cybercriminals profit from these," the researchers warn and advise: "It is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones. Always keep your system up-to-date with the latest security releases from security vendors and install trusted antimalware protection."
