Asia - The Biggest Target of New Zeus Trojan

Danny Siew, senior director for technical support at Trend Micro (Asia-Pacific region), has cautioned the Asian users of potentially being highly vulnerable as the latest Zbot variant (banking Trojan Zeus) is now capable of targeting the Firefox browser, as reported by zdnetasia.com on April 30, 2010.

With reference to the Mozilla Metrics Report for Q1 2010, Siew said that during the reporting time period, from mid-December 2009 to mid-March 2010, countries like India, the Philippines and Indonesia, have posted substantial increase in the usage of Firefox.

The company, in its report, also said that Firefox's market share in Indonesia goes on to increase north of 60%. Also, according to Mozilla's report, the global market share of Firefox as at the first quarter of the year hovered at around 30%. Even though Firefox's major supporters are situated in Europe, the browser's Asian market share is 26.6%.

Siew added that the firm has spotted samples of latest Zeus variant including TSPY_ZBOT.CQJ and TSPY_ZBOT.CRM.

Security firm Trusteer highlighted this new strain in April's third week in a press release.

However, as communicated by Ronnie Ng, senior manager for Systems Engineering at Symantec Singapore, in an email, Zeus's earlier variants have been a major threat in the Asia-Pacific region, as reported by zdnetasia.com on April 30, 2010.

On the basis of the latest Internet Security Threat Report by Symantec, Ronnie Ng highlighted that the security purveyor observed around 90,000 distinctive versions of the basic Zeus toolkit, which made Zbot Trojan the second-most widespread new malcode category witnessed in the APJ (Asia-Pacific and Japan) region.

NetWitness, yet another security firm, discovered Zeus's another variant in February 2010. This new variant has been employed to steal an extensive array of data/information, which includes tens of thousands of login details, primarily of financial accounts. The recovered information was apparently a month's worth of data from command-and-control servers of the botnet.

On a concluding note, Siew said that users must exercise caution while opening up an e-mail and clicking on embedded URLs that claim to be directing to genuine websites. One can easily fall prey to Zbot attacks by clicking links in e-mails coming from unknown sources.

Related article: Asia the new breeding ground for spam

» SPAMfighter News - 5/11/2010