Cybercriminals beef up Zeus Trojan to retain top malware ranking


Cybercriminals beef up Zeus Trojan to retain top malware ranking

Warwick Ashford

Cybercriminals have unleashed an enhanced version of the Zeus Trojan responsible for stealing tens of thousands of UK user credentials, according to researchers.

Version 2.1 of the financial malware has added sophisticated mechanisms to commit online fraud and remain the Trojan of choice for criminals, said researchers at security firm Trusteer.

Zeus has improved its business logic and its ability to avoid detection and automatic analysis by anti-virus vendors, they found.

Pressure from security firms, banks and law enforcement agencies is forcing Zeus developers to improve the malware continually to avoid losing business to competing malware such as Bugat, Clampi, and SpyEye.

"The improvements are similar to those seen in commercial software, but instead of enhancements being released on a monthly or annual basis, the timescales are now being compressed to just days and weeks, largely because of the immense fraudulent revenues involved," said Mickey Boodaei, chief executive at Trusteer.

While commercial software needs to undergo extensive quality assurance processes before being released, Zeus has the luxury of pushing rapid updates without worrying too much about software quality, he said.

Zeus can now target all URLs that start with "https" and then zero-in on those that contain specific digits and keywords.

Version 2.1 can target individual web pages with elaborate injections, while not injecting into other pages to create more convincing pages and target more banks using a single attack.

Other improvements include a fine-grained "grabbing" mechanism to extract very specific areas of the pages such as the account balance, and a 1,024-bit RSA public key for one-way encryption of data and authenticating the control server to Zeus clients.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy