New Sphinx Appears as Banker Trojan Zeus Variant

One fresh version of Zeus Trojan the well-known banker malware is circulating in the wild. The version called Sphinx has been observed on an illegal trading site as it uses Tor network for operation. Hakspek.com published this dated August 26, 2015.

A customer going by the name SphinxTrojan posted the Trojan on Crime Network an underground online portal on August 15, 2015. The programming language used to write it is C++. It is created for working particularly via Tor network so that it remains anonymous. It's believably unaffected from Zeus tracker, blacklisting and sinkholing.

The backend utilizes certain PHP, server-side programmed Web panel having 'mysql' and 'mbstring' extensions.

At present, the selling price of the Sphinx toolkit has been fixed at USD500 for every binary. For payment, the Bitcoin crypto currency has been decided with the mode-of-payment as DASH. The purchasing process starts with buyers registering on an Internet site for paying the price. This leads to automatic validation of the consumer's A/C followed with letting him access for modifying his config as well as asking for a build.

Sphinx's creators describe the Trojan as crafted for working on Windows 7 and Vista where the UAC meaning User Account Control is active. The Trojan is also operative on weakly privileged user accounts in particular the "Guest" A/C. Securityweek.com published this, August 26, 2015.

According to a forum post dated August 15 that advertises the malware's capabilities, Sphinx's Backconnect Virtual Network Computing lets its consumers transfer money straight from the contaminated PC. The capability as well aids in deactivating security software that's enabled on victim's system. With the Trojan's Backconnect SOCKS, attackers can make SOCKS proxy of their victim.

Sphinx as well enables crooks to filch from the Net digital certificates for use afterwards in authorizing malware. They can also employ web-injects for modifying a website's content with the purpose of duping victims into divulging secret data.

To communicate with its CnC infrastructure, Sphinx resorts to whitelisted processes so as for evading firewalls.

The Sphinx trader recommends utilizing traffic from Internet Explorer to work with the exploit toolkit that would yield the highest profit from Sphinx.

» SPAMfighter News - 8/28/2015