New Variant ZeuS.Maple Strikes Prominent Financial Institutions, Says Trusteer
Researchers from Trusteer the security company recently spotted one fresh version of Trojan Zeus that has been named ZeuS.Maple and which attacks chiefly clients belonging to some prominent financial institutions.
The ZeuS.Maple (variant ID188.8.131.52) seems as an extensively altered variant of ZeuS 184.108.40.206 which although doesn't include new capabilities, however, has the old functionalities in improved form.
Trusteer says that ZeuS.Maple happens to be the Trojan's sole version, which has the ability to re-patch any kind of browser, utilizing one particular feature so as for sustaining the info-grabbing functionality through insertion into the Web.
And as per the researchers, different from the previous times when the Trojan worked, within the present case, the .exe filename before being installed depends upon an increasingly advanced algorithm, which specifies %APPDATA%, name of a directory, while selects one existing folder as the location to install the executable.
As a result, the filename combines a strongly-programmed string with the folder. Moreover, the threat is made to appear one genuine file that enhances the deceptive nature of itself.
The malware also prevents from getting debugged with help from an unusual packer coded via the Visual Basic language so its analysis becomes harder. There's one more anti-debugging mechanism, which confirms 2 familiar Windows flags' values.
Additionally, there are a few latest anti-Virtual device abilities incorporated into the malware though not quite refined. ZeuS.Maple even verifies for possible VMware tools loaded onto the targeted PCs. Security researchers can easily overlook this verification mechanism only if the application is uninstalled.
Trusteer specifies that ZeuS.Maple has been created for targeting fourteen major financial institutions of Canada. The malware further hunts to target victims who conduct ordinary e-commerce transactions.
Well-known security company, Akamal cautions Fortune 500 companies about assaults which exploit the ZeuS crime malware.
Senior Vice-President Stuart Scholly who's also General Manager of Security Business Unit at Akamal describes Zeus as dangerous no matter how secure is the online environment. The malware deceives end-users into executing software, which actually infect machines; therefore, organizations should stringently implement their security policies, while awareness need get spread among users, he recommends. Securityweek.com published this, June 10, 2014.
» SPAMfighter News - 19-06-2014