ZeuS Trojan Shows Hike in Activity: Trend Micro
Data recently collected by Trend Micro shows that ZeuS, the infamous banking Trojan that steals passwords and robs money from its victims' accounts, has spread increasingly during recent months.
Investigators at the security company who studied the data reportedly found that ZeuS infections rose from February 2013 to mid-May 2013. In addition, Zbot, the most recent edition of ZeuS, was related to Citadel, a malicious program that also stole data and was written with the help of the ZeuS source code, said Jay Yaneza of Trend Micro's technical support group. Yaneza analyzed the attack data, which was gathered from the security firm's customer base. Crn.com reported this on May 24, 2013.
Yaneza further said that the lesson from the recent hike in Zbot/ZeuS infections was simple: traditional malware such as Zbot could return at any time because it yielded profit to cyber-criminals. Selling captured banking data and other personal data belonging to Internet users was a rewarding enterprise on the underground market. Moreover, criminals could use a victim's login credentials to carry out illegitimate transactions through the victim's financial account, the expert warned. Blog.trendmicro.com published this on May 23, 2013.
The 2013 variant also showed certain alterations. Whereas previous-generation editions of Zbot created one folder inside the infected PC's system folder to store the configuration file and stolen data (there was also one replica for end-users to see), the current Zbot editions modify the Windows hosts file so that security websites become inaccessible to end-users.
Fresh Zbot versions share common DNA with GameOver/Citadel versions and also create two randomly named folders within Application Data. One of the random folders contains a replica of the Zbot folder, and the other contains encrypted data. Unlike previous versions, the current version randomly generates its 'mutex' name.
Both versions send Domain Name System (DNS) requests for randomly generated domain names.
Senior E-Threat Analyst Bogdan Botezatu of BitDefender said that during mid-May 2013, BitDefender researchers observed an increase in spam emails carrying the ZeuS Trojan, purportedly sent by several banks as bank statements, cio.in reported on May 27, 2013.
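A defensive check for the hosts-file tampering described above, as an added example that is not from Trend Micro or the original article: it parses hosts-file text and reports entries that override security-vendor domains. The watchlist, the sample file contents, and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed watchlist of security-vendor domain suffixes (illustrative only).
WATCHED_SUFFIXES = ("trendmicro.com", "bitdefender.com", "update.example-av.test")

# Constructed sample of a tampered Windows hosts file (not real malware output).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.trendmicro.com   # injected
0.0.0.0         download.bitdefender.com update.example-av.test
10.0.0.5        intranet.corp.example
not-an-ip       www.trendmicro.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip lines that do not start with a valid IP address
        for name in fields[1:]:  # one line may map several names
            yield line_no, ip, name.lower().rstrip(".")

def is_watched(hostname):
    """True for a watched domain or any subdomain of it (not lookalikes)."""
    return any(hostname == s or hostname.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_blocked_security_sites(text):
    """Return one finding per watched hostname that the hosts file overrides."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if is_watched(name):
            sinkholed = ip.is_loopback or ip.is_unspecified
            findings.append({"line": line_no, "host": name, "ip": str(ip),
                             "reason": "sinkholed" if sinkholed else "redirected"})
    return findings

if __name__ == "__main__":
    for f in find_blocked_security_sites(SAMPLE_HOSTS):
        print(f"line {f['line']}: {f['host']} -> {f['ip']} ({f['reason']})")
```

On a Windows host, the text to pass in is the contents of `%SystemRoot%\System32\drivers\etc\hosts`.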
» SPAMfighter News - 30-05-2013