Hackers Develop New Version of Zeus Bank Trojan
As per the security firm 'Computer Associates (CA),' hackers have developed a new version of the Zeus crimeware toolkit. The researchers have named this new crimeware tool kit as the 'Zeus version 3'.
The new Zeus program configuration includes the list of targeted financial organizations from Germany, Spain, the USA and United Kingdom. The preceding versions of this crimeware toolkit contained the list of all financial organizations from different countries across the globe, but this new version only highlights the targeted nations and is paired as - UK-USA, Spain-Germany, CA reports.
CA discloses that the latest version of Zeus includes features that make it quite harder for the security experts to find out what the malware is doing.
Zarestel Ferrer, Senior Research Engineer at CA's Internet Security Business Unit, commented on the configuration file of new Zeus version 3. Ferrer said that in the previous versions, Zeus handled this configuration in such a manner that security experts could manage to reverse engineer and capture the complete and real configuration content, as reported by TheRegister on July 13, 2010.
However, this is not possible in the new Zeus version 3 wildly circulating on the Internet. It makes use of various protection layers by applying the theory of least privilege. This simply means that the program must only access remote commanded, resources and information essential for a particular function, Ferrer said.
According to the CA, command and control systems linked with the bot are "mainly hosted in Russia."
CA also discloses that apart from the abovementioned four nations (Germany, Spain, United Kingdom and USA), Zeus Trojan also look for opportunities in countries like Australia, Ireland, Taiwan, Pakistan, France, Portugal, United Arab Emirates, Turkey, Poland, Bulgaria, Netherlands and Belgium. This simply means that the masterminds of this Trojan are trying to trap the online banking netizens of these countries by installing Trojan during their online transactions.
Finally, CA advises all the users to keep their security software up-to-date and should be aware of internet security while performing online transactions so that they are not being victimized by this new version of Zeus Trojan.
Related article: Hackers Redirect Windows Live Search to Malicious Sites
» SPAMfighter News - 23-07-2010