Zeus retrieves attack list hidden in sunset and cat images
Posted on 04.03.2014
Malware peddlers employing a new Zeus banking Trojan variant have resorted to hiding the malware's configuration file in innocuous-looking sunset and cat photos, warns Trend Micro.

Malwarebytes researchers also spotted the practice in mid-February. Analyst Jerome Segura then analyzed the malicious sunset photos and compared them with an unmodified one he found on the Internet.

"If we put both pictures (the original and altered one) side by side and view them in bitmap mode, we can spot where extra data was added," he pointed out.


"The malware was retrieving a JPG image hosted on the same server as were other malware components," he noted.

Once decrypted, the hidden data in the picture reveals the file's true purpose, as it contains the list and URLs of banks and financial institutions that should be targeted.

"Hiding malevolent code in such a way can successfully bypass signature-based Intrusion Detection Systems or even antivirus software. From a webmaster point of view, images (especially ones that can be viewed) would appear harmless," Segura noted. "It's a reminder that a file should not be considered safe simply because it appears to be a legitimate picture, song or movie."
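A defender-side check for the kind of altered image Segura describes, added here as an example (not code from Malwarebytes or Trend Micro). It assumes the extra data sits after the JPEG end-of-image marker, which the article does not state; `CLEAN` and `TAMPERED` are constructed byte skeletons, not real images or samples.

```python
import math
from collections import Counter

STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM, RST0-RST7: markers with no length field

def jpeg_end(data: bytes) -> int:
    """Walk the marker segments from SOI and return the offset just past EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte in front of a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                 # EOI: the image ends here
            return pos
        if marker in STANDALONE:
            continue
        seg_len = int.from_bytes(data[pos:pos + 2], "big")
        if seg_len < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += seg_len                     # skips thumbnails etc. without scanning them
        if marker == 0xDA:                 # SOS: entropy-coded scan data follows
            while True:
                pos = data.find(b"\xff", pos)
                if pos < 0 or pos + 1 >= len(data):
                    raise ValueError("scan data runs to end of file")
                nxt = data[pos + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos += 2               # stuffed 0xFF or restart marker
                elif nxt == 0xFF:
                    pos += 1               # fill byte
                else:
                    break                  # a real marker; the outer loop handles it
    raise ValueError("no EOI marker found")

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 looks like random or encrypted data)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def inspect_jpeg(data: bytes) -> dict:
    end = jpeg_end(data)
    tail = data[end:]
    return {"image_bytes": end, "trailing_bytes": len(tail),
            "trailing_entropy": round(entropy(tail), 2)}

# Constructed skeleton: APP1 payload containing FF D9, one scan with a stuffed FF, EOI.
CLEAN = (b"\xff\xd8" b"\xff\xe1\x00\x06\xff\xd9\x00\x00"
         b"\xff\xda\x00\x04\x01\x00" b"\x12\xff\x00\x34" b"\xff\xd9")
TAMPERED = CLEAN + bytes(range(256))       # constructed stand-in for appended data
```

Walking the segments instead of searching for the bytes `FF D9` matters because embedded thumbnails and appended blobs can both contain that sequence. Some legitimate tools also leave trailing bytes, so a hit is a lead for triage rather than a verdict.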

This particular Zeus variant does what this type of malware usually does: it allows crooks to harvest the users' banking and other account credentials. But it also downloads another piece of malware that removes the X-Frame-Options HTTP header from sites the user visits, allowing websites to be displayed inside a frame.

"Webmasters use this setting to ensure their sites are not used in clickjacking attacks," Trend Micro researchers pointed out.









Copyright 1998-2014 by Help Net Security.