New Variant of Zeus Contains Valid Digital Certificate - Comodo
Researchers at security firm Comodo have identified a new version of the infamous banking Trojan Zeus that is signed with a valid digital certificate, making it more difficult to trace and remove.
More than 200 customers of Comodo have been targeted with this threat.
Scmagazineuk.com published a report on 4th April, 2014 quoting Kevin Judge, blogger with Comodo, as saying: "The variant of Zeus camouflages itself as an IE (Internet Explorer) document that is served via a webpage or a phishing email and downloads data-embezzling malware concealed by a rootkit component. It tries to steal login credentials, credit card and other information which the user keys in."
Judge said that the IE file deceives the user, web browsers and AV systems because it is digitally signed with an official certificate issued to 'isonet ag', making it appear authentic at first glance.
He explained: Zeus versions have been around for many years, and if one comes with an authentic digital certificate, then a browser will not exhibit a warning message and even AV systems may not take action or may give inferior levels of warning. Malware having an authentic digital signature is tremendously dangerous because it guarantees browsers and AV systems about its legitimacy without a threat.
Essentially, Zeus launches its attack when an individual visits an online banking site: it allows the hackers to create a remote session in which they can see what the victim is doing and clandestinely intercept all information from the activity.
For example, when the victim transfers funds on a banking site, the payment information will be displayed as expected while the hackers alter the transaction behind the scenes and divert the money to another account.
In December 2013, Kaspersky Lab discovered a 64-bit version of Zeus, indicating that cybercriminals are preparing for the move away from older 32-bit architectures in the software industry.
Finally, Comodo says that an increasing trend of signed viruses has been seen. Users of Windows are advised to install good AV software and configure the firewall to maximize the security of their PCs. Also, never open any links sent to you in emails from unfamiliar sources.
» SPAMfighter News - 12-04-2014