
April 22, 2010

Trusteer detects new Zeus (Zbot) password stealing Trojan


by Janet Harris

Trusteer, the leading provider of secure browsing services, today announced that a completely new version of the Zeus (Zbot) password stealing Trojan that targets online banking users has already been detected by the Trusteer Rapport service on one in every 3,000 computers it monitors.

This is an unprecedented rate of distribution for new financial malware code.

Version 1.4 of Zeus, also known as version 2, now targets Firefox as well as Internet Explorer browsers and uses advanced polymorphic techniques to avoid antivirus detection.

Trusteer used its Flashlight remote fraud investigation and mitigation service to link Zeus 1.4 with fraud committed against both commercial and consumer banking customers in North America and the United Kingdom.

Flashlight was able to collect new Zeus configurations and code samples from infected computers. This new version of Zeus is completely different from versions 1.2 and 1.3.

The Internet’s Leading Banking Trojan
Zeus is considered the most trusted and robust malware platform for online banking fraud, and has been licensed by numerous criminal organizations to launch targeted attacks against specific banks’ customers.

The new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer.

Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication.

However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.

“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before,” said Amit Klein, CTO of Trusteer and head of the company’s research organization.

“Fortunately, the Trusteer Flashlight and Rapport services have enabled us to detect the rapid distribution of Zeus 1.4 early and alert financial institutions.

“We are recommending they maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation, and response tools in place.”

Poor Antivirus Detection Rates
Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today.

It infects PCs, waits for the user to log on to any of a list of targeted banks and financial institutions, and then steals their credentials, which are sent to a remote server in real time.

It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one-time passwords, etc.

Antivirus detection of Zeus has a poor track record.

In a 2009 report based on information gathered from 3 million desktops in North America and the UK, Trusteer found that the majority of Zeus infections occur on antivirus-protected machines.

Specifically, Trusteer found that among Zeus-infected machines, 55% had up-to-date antivirus protection installed.

The population of machines infected with older versions of Zeus is enormous — one in every 100 computers according to Trusteer research.

Zeus 1.4 was specifically crafted to avoid antivirus detection and uses advanced polymorphic techniques, which make antivirus technologies completely blind to it.

  1. Zeus has been able to inject into Firefox for a long time. Might want to check your sources. Trusteer is pulling an okey doke on everyone for publicity

    Comment by Bobert — April 23, 2010 @ 1:47 pm
