Zeus Trojan has Fresh Variant Circulating Online: Trend Micro
According to researchers at Trend Micro, a new version of the Zeus Trojan is circulating online and communicates faster with the computer that controls it, Gmanews.tv reported on October 18, 2011.
The security company also says its analysis points to a gang of online criminals that may be responsible for the latest Zeus variant.
Furthermore, unlike earlier Zeus variants, which used HTTP to download their specially crafted configuration file, the new variant opens an arbitrary User Datagram Protocol (UDP) port and then contacts a list of IP addresses to download its configuration file, Trend Micro states, as reported by Gmanews.tv.
Trend Micro also states that the new Zeus variant, detected as TSPY_ZBOT.SMQH, spread in late September 2011 through junk e-mails posing as messages from the Australian Taxation Office.
The spam mails carried a malicious web-link that, if clicked, took users to a hostile site hosting the BlackHole crimeware toolkit.
This toolkit then downloaded a copy of the TSPY_ZBOT.SMQH Zeus variant.
The researchers say that TSPY_ZBOT.SMQH, when it contacts its controlling server, sends it encrypted data containing a string of characters together with the bot. Every IP address in the list is mapped to an associated string, which the server apparently checks to verify the communication.
If a live IP address is found, it replies with the encoded configuration file over Transmission Control Protocol (TCP).
Once it arrives, the configuration file is decoded with the same RC4 algorithm that Zeus 2 used.
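The beacon pattern described above (a UDP probe to several listed addresses, followed by a TCP exchange with whichever one is live) lends itself to a simple network-flow heuristic. The Python below is an added example, not code from Trend Micro or the article; the flow records, field layout, port numbers and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records (not from the article): (timestamp, src, dst, proto, dport)
SAMPLE_FLOWS = [
    (100.0, "10.0.0.5", "198.51.100.10", "udp", 40123),
    (100.2, "10.0.0.5", "198.51.100.11", "udp", 40123),
    (100.4, "10.0.0.5", "203.0.113.7", "udp", 40123),
    (100.6, "10.0.0.5", "203.0.113.8", "udp", 40123),
    (103.0, "10.0.0.5", "203.0.113.7", "tcp", 8080),   # config fetch over TCP from one probed peer
    (120.0, "10.0.0.9", "192.0.2.1", "udp", 53),        # ordinary DNS lookup, should not match
    (121.0, "10.0.0.9", "192.0.2.50", "tcp", 443),      # unrelated HTTPS session
]


def find_udp_fanout_then_tcp(flows, min_peers=3, window=60.0):
    """Return (host, peer) pairs where `host` sent UDP to at least `min_peers`
    distinct addresses within `window` seconds and then opened a TCP flow to
    one of those same addresses. Heuristic only; thresholds are assumptions."""
    udp_by_host = defaultdict(list)  # host -> [(timestamp, udp destination)]
    for ts, src, dst, proto, _ in sorted(flows):
        if proto == "udp":
            udp_by_host[src].append((ts, dst))

    hits = []
    for ts, src, dst, proto, _ in sorted(flows):
        if proto != "tcp":
            continue
        # Distinct UDP peers this host probed in the window before the TCP flow.
        recent = {d for t, d in udp_by_host.get(src, []) if 0 <= ts - t <= window}
        if len(recent) >= min_peers and dst in recent:
            hits.append((src, dst))
    return hits


if __name__ == "__main__":
    for host, peer in find_udp_fanout_then_tcp(SAMPLE_FLOWS):
        print(f"suspicious UDP fan-out then TCP: {host} -> {peer}")
```

A real deployment would read flows from NetFlow or Zeek logs and tune `min_peers` and `window` against the site's baseline, since legitimate software (peer-to-peer clients, some VoIP) can also fan out over UDP.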
Additionally, the researchers note that although the spam mails targeted only Australian end-users, the decoded contents of the configuration file indicate that the campaign may have been designed to be launched worldwide later, including in Europe, Asia and the USA.
In conclusion, since the current Zeus variant is known to be highly dangerous, end-users must treat all notices that appear to come from state bodies or any dubious organization with suspicion, since cyber-criminals exploit these opportunities very effectively for personal monetary gain.
» SPAMfighter News - 25-10-2011