Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Fresh Zeus Sample Contaminating Merely High-Performance Computers

F-Secure an anti-virus software provider warns that Zeus in a fresh incarnation is contaminating PCs that specifically operate at super-fast paces.

In particular, the malware just won't get planted on machines that have a processor of less than 2GHz. That isn't due to any assumption that the computer-operators are not rich enough to be defrauded through Internet banking; rather it is since the slow paces may be the result of a virus-detecting situation.

Therefore, with an in-built safeguard mechanism, the malicious Trojan terminates action leaving the PC free of infection in case it believes that a virus test is being applied to it. For, the test may partly consist of slowing down the pace of the PC through a debugger.

To experiment if the theory is correct, F-Secure released the Trojan into one IBM T42 laptop whose speed was no more than 1.86GHz. The company found that the laptop came through unharmed.

Elaborating on the theory further, Timo Hirvonen a malware analyst at F-Secure stated that when not even 232 timer updates happened at the time of an application pause for 2-secs, the Trojan thought that the system ran a debugger following which it terminated so that not much could be learnt of its presence. Techeye.net published this on November 25, 2010.

The above behavior of the Trojan thus implies that for a processor, which runs at a speed less than 2GHz, the new Zeus will consider it a test ambience and so leave the system un-infected.

Hirvonen further elaborated that the current Zeus sample might be helpful in case anyone desired constructing a botnet with high-profile specifications to crack codes. However, since Zeus variants were normally known to steal Internet banking credentials, the current variant was an utter loss from that standpoint, he added. Theregister.co.uk published this on November 25, 2010.

Sadly, Zeus is that crime-ware toolkit which's constantly developing and is illegally traded for a license worth only some hundred dollars. Meanwhile, the seeming mistake in connection with the F-Secure-detected Zeus variant, which merely contaminates high-speed systems, is totally unrelated with the numerous other Zeus-generated trojans that are actively circulating online.

Related article: Fark.com Files Suit against Suspected Hacker from Fox13

ยป SPAMfighter News - 12/7/2010

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page