Worm Ramnit Incorporates Trojan Zeus’ Capabilities to Commit Financial Fraud

According to researchers from Trusteer, they've discovered a blending of the notorious Trojan Zeus that steals login details with Worm Ramnit, resulting in a hybrid malware which's capable of manipulating Internet banking accounts as it proliferates on networks, published TechWorld in news on August 23, 2011.

Making a statement, Trusteer reported that when it seized as well as reverse engineered Ramnit configurations, it discovered that those configurations incorporated Zeus' tricks from the latter's financial malware environment, thus meaning that Ramnit actually borrowed Zeus' capability for inserting HTML code inside an end-user' Web-browser so it could evade financial institutions' two-factor validation as also transaction authorizing mechanisms meant for safeguarding Internet-banking sessions. Credit Union Times published this on August 23, 2011.

Reportedly, the central command-and-control servers of Ramnit are situated inside Germany, while they're presently active. The Intelligence Report by Symantec for July 2011 states that Ramnit is responsible for 17.3% of the total fresh malware infections.

Notably, Ramnit, which for the first time got spotted during 2010, infects file types such as .DDL, .EXE, .HTML, .SCR etc. This infection of files represents an ancient method of viruses which one hardly ever observes in current days' malware that steals financial information.

Believably during May 2011, Zeus' source code had gotten widely obtainable within associations of cyber-criminals following an unconfirmed origin's revelation. Consequently, there's been a hunt by security-watchers for fresh malicious software that absorbs part of Zeus' most strong as also extremely specific characteristics. As accords to Trusteer, the new Ramnit incarnation is an instance of that which has never had a precedent.

Also as per Amit Klein, CTO of Trusteer, Zeus doesn't propagate by itself. Its creator possibly is targeting networks, he adds, observing that the morphed malicious program is capable of disseminating Zeus data performing thefts throughout network shares that is one potentially strong capability. TechWorld reported this.

Moreover, Senior malware Analyst Ayelet Heyman at Trusteer said that the new hybrid that his organization detected was a subject of specific attention by financial institutions, as the worm was observed targeting plentiful financial institutions with the aim for stealing money. Credit Union Times reported this.

Related article: Worm Spreads With Random Subject Lines

» SPAMfighter News - 9/1/2011