News

Security researchers identify possible successor to Zeus Trojan

A new Trojan called Ares has been identified as a potential successor to the notorious Zeus Trojan that has been used to steal credentials used in millions of pounds in theft.

Ares shares similar design characteristics to the Zeus Trojan mainly in its modular design, according to researchers at security firm G Data.

The modular design means cybercriminals will be able to modify the malware whenever required.

The wide range of uses to which Ares can be put means it represents an extremely high risk to the public and businesses, the researchers said.

Ares provides cybercriminals with a simple way of spreading malware via websites, and because it has so many potential variants, it can be used for almost any attack on any target, said Eddy Willems, security evangelist at G Data.

"We believe one of the eventual uses will be to spread Trojans aimed at online banking users. Internet users need to protect themselves by making sure they have anti-malware solutions in place that monitor all HTTP traffic and can block dangerous websites before they are called up on work and personal computers," he said.

Underlining the commerciality of modern malware, a software development kit for the Trojan is available for free to 'trustworthy developers' on condition that a licence fee is paid to Ares' developer when modules are sold on to third parties, said Willems.

Other potential users can buy the development kit for up to $6,000, although a 'starter pack' with reduced functionality can also be purchased for $850.

As is customary in the malware industry, said Willems, payment is made via an anonymous online payment service, in this case WebMoney, so that neither the purchaser nor the vendor need reveal their true identity.

In an underground forum, the developer of Ares said every copy is unique, and although is not focused on banking, it has the same banking capabilities as Zeus and SpyEye, which can be added if required.

"I actually consider this more of a platform which is customised to each buyer's liking," the Ares developer said.

G Data expects Ares to begin circulating in numerous forms and to spread rapidly, but warned that it remains unclear who or what the Trojan's specific targets are, what mechanisms it will use, and who is behind it.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy