Zeus Dropper Results in Repeated Infections on Computers
Security company Trend Micro has warned that a newly discovered plug-in associated with the Zeus Trojan enables computers to be infected again and again with new malicious software.
The plug-in, PE_LICAT.A-O, which was first detected at the beginning of October this year (2010), automatically inserts itself into an executable and, as a result, becomes memory-resident, so that any file run afterwards becomes contaminated with malware.
Trend Micro explains that whenever PE_LICAT.A is run, the malware tries to download content from websites registered under top-level domains such as com, org, info, net and biz. It attempts this up to 800 times, the security vendor claims. Securecomputing.net.au published this during the last week of October 2010.
Furthermore, according to Trend Micro, the downloader displays a few behaviors connected with Zeus; however, Zeus has not so far demonstrated any downloader-related behavior.
Commenting on this observation, Rik Ferguson, Senior Security Advisor at Trend Micro, said that it represented Zeus's evolution with an add-on: a fresh Zeus component, or plug-in, created to give Zeus the functionality of an infector as well as a dropper with downloading ability. Securecomputing.net.au reported this.
Worryingly, the news report makes it evident that Zeus is growing. Indeed, statistics that Microsoft recently released make the report more believable.
Meanwhile, during the 3rd week of October 2010, merely seven days after Zbot was added to Microsoft's Malicious Software Removal Tool, the software giant said that its researchers had detected the malware on 1 in 5 contaminated PCs. The tool apparently eliminated 281,491 Zbot infections from 274,873 PCs, indicating that a relatively small number of systems were affected by multiple variants.
In conclusion, Julius Dizon, Research Engineer at Trend Micro, said that traditional anti-virus software was not sufficient to defend adequately against Zeus and its variants. Users also needed to be protected by a combination of enhanced detection methods and workable blocking of access to sites, he explained. Itpro.co.uk published this during the 3rd week of October 2010.
» SPAMfighter News - 10-11-2010