
Zeus Evolves Into Fresh Variant, the Chthonic

Security company Kaspersky has detected a new banking Trojan, named Trojan-Banker.Win32.Chthonic.

Chthonic appears to have evolved from ZeusVM, with several significant changes along the way. The Trojan uses the same encryptor as Andromeda bots, the same encryption scheme as the ZeusV2 and Zeus AES Trojans, and the same virtual machine that the KINS and ZeusVM malware use.

According to Kaspersky, there are multiple ways in which host computers are infected with Trojan-Banker.Win32.Chthonic: the malware is downloaded onto the host by the Andromeda bot, or spam e-mails containing exploits are sent to victims.

In the e-mails containing an exploit, a specially crafted RTF document is attached that abuses a Microsoft Office vulnerability, CVE-2014-1761. The document is given a .DOC extension so that it does not raise the recipient's suspicion. If the vulnerability is successfully exploited, an installer for the Chthonic malware is downloaded onto the host machine.
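A triage check for the disguise described above, as an added example that is not from Kaspersky or the original article: it compares an attachment's extension with its leading bytes and flags RTF content saved as .doc, plus any embedded-object control words. The function names and sample attachments are constructed for illustration, and the check does not detect CVE-2014-1761 itself.

```python
import os
import re

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx) container
# Word accepts a truncated "{\rt" header, so match that rather than "{\rtf1".
RTF_HEADER = re.compile(rb"^\s*\{\\rt")
# RTF control words that introduce embedded objects.
RTF_OBJECT_WORDS = re.compile(rb"\\(objdata|objemb|objocx)(?![a-z])")
# Container format each extension is expected to hold.
EXPECTED = {".doc": {"ole2"}, ".docx": {"zip"}, ".rtf": {"rtf"}}


def sniff_format(data: bytes) -> str:
    """Return the container format implied by the leading bytes."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if RTF_HEADER.match(data[:64]):
        return "rtf"
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Flag extension/content mismatches and RTF embedded objects."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff_format(data)
    findings = []
    if ext in EXPECTED and actual not in EXPECTED[ext]:
        findings.append(f"extension {ext} but content is {actual}")
    if actual == "rtf":
        words = sorted({m.group(1).decode() for m in RTF_OBJECT_WORDS.finditer(data)})
        if words:
            findings.append("embedded object control words: " + ", ".join(words))
    return {"file": filename, "format": actual, "findings": findings}


# Constructed sample attachments (not real malware, not taken from the article).
SAMPLES = {
    "invoice.DOC": b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objdata 0105000002000000}}}",
    "report.doc": OLE2_MAGIC + b"\x00" * 32,
    "notes.rtf": b"{\\rtf1\\ansi Hello}",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(triage_attachment(name, blob))
```

Word opens RTF content regardless of a .doc extension, so a mismatch alone is a reason for closer inspection rather than proof of an exploit.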

In the other case, the Andromeda bot pulls down the installer from hxxp://globalblinds.org/BATH/lider.exe.

Once downloaded, the malicious code, which carries an encrypted configuration file, is injected into the msiexec.exe process, after which several malicious modules are installed on the host.

So far, the modules that Kaspersky Lab researchers have found are ones that gather system information, log keystrokes, capture saved passwords, record sound and video via the microphone and web camera, and provide remote access.

In one case targeting Japanese banks, Chthonic concealed the bank's alerts and injected a script that enabled the perpetrators to carry out various fraudulent transactions through the compromised accounts on infected computers. In another instance targeting Russian banks, affected account owners were presented with fake banking web pages when they logged in. For that, the Trojan creates an iframe containing a phishing site that mimics the original banking website.

Yury Namestnikov, Senior Malware Analyst at Kaspersky, remarked that Chthonic's discovery confirmed the Zeus Trojan's continued evolution. Malware authors were making full use of the latest techniques, helped greatly by the leak of the Zeus code. Chthonic, according to Namestnikov, was the next stage in Zeus's evolution. Cbronline.com reported this on December 18, 2014.

» SPAMfighter News - 12/26/2014
