
Trend Micro Researchers Reveal Interesting Details of New Zeus Variant

Kaspersky spotted a 64-bit edition of the infamous Zeus Trojan and reported it in December 2013. Experts at that time highlighted that the malware relied on Tor to protect its C&C (command and control) infrastructure. Security firm Trend Micro has now also analyzed the 64-bit Zeus Trojan and come up with some fascinating details.

Apparently, the threat comes with improved anti-malware evasion tricks: the malware is capable of identifying certain analysis tools like StudPE, WinHex, OllyDbg and ProDump, and execution is prevented if any of these tools is detected.

Another noteworthy addition is the user-mode rootkit capability of Zeus/ZBOT, which conceals its files, processes, and registry entries. This version also hides its dropped files and auto-start registry entry. Folders created by the malware can be seen using the dir command in CMD but are hidden when browsed through File Explorer.

Users can view the auto-start registry entry, folders and files created by TSPY_ZBOT.AAMV by restarting in Safe Mode, because the malware has only a user-mode rootkit capability, which covers only malware-related files and processes, as opposed to a kernel-mode rootkit. Users can remove these files while still in Safe Mode.

Amusingly, the Zeus variant detected by Kaspersky also has rootkit capabilities and is able to hide the files and folders it drops (File Explorer doesn't show them), the processes it starts and the registry keys it creates.

Anthony Joe Melgarejo, Threat Response Engineer at Trend Micro, wrote in a report published on blog.trendmicro.com on 7th January, 2014: "This 64-bit edition for Zeus/ZBOT is an anticipated progression for the malware particularly after source code of Zeus was leaked in 2011. Ever since then, we've witnessed numerous reincarnations of the malware in the form of KINS and its participation with other malwares like 'Cryptolocker' and 'UPATRE'. Addition of functionalities like rootkit capability and the employment of a Tor module are added proof that we can observe more changes in the future principally those which help dodge or delay anti-malware attempts."

The security firm advises users to run up-to-date anti-virus software on their systems to avoid being infected by the latest version of the Zeus Trojan.

» SPAMfighter News - 1/21/2014
