Online Banking Trojan Now Infecting One in Every Three Thousand Computers

Trusteer : 22 April, 2010  (Technical Article)
The Zeus or Zbot Trojan, which targets users of online banking services in order to steal passwords, has been changed to make it harder to detect through polymorphic construction of the malicious code.

Trusteer has announced that a completely new version of the Zeus (Zbot) password stealing Trojan that targets online banking users has already been detected by the Trusteer Rapport service on one in every 3,000 computers it monitors. This is an unprecedented rate of distribution for new financial malware code. Version 1.4 of Zeus, also known as version 2, now targets Firefox as well as Internet Explorer browsers and uses advanced polymorphic techniques to avoid antivirus detection.

Trusteer used its Flashlight remote fraud investigation and mitigation service to link Zeus 1.4 with fraud committed against both commercial and consumer banking customers in North America and the United Kingdom. Flashlight was able to collect new Zeus configurations and code samples from infected computers. This new version of Zeus is completely different than versions 1.2 and 1.3.

Zeus is considered the most trusted and robust malware platform for online banking fraud, and has been licensed by numerous criminal organizations to launch targeted attacks against a specific bank's customers. The new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer. Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication. However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.

"We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before," said Amit Klein, CTO of Trusteer and head of the company's research organization. "Fortunately, the Trusteer Flashlight and Rapport services have enabled us to detect the rapid distribution of Zeus 1.4 early and alert financial institutions. We are recommending they maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation, and response tools in place."

Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today. It infects PCs, waits for the user to log onto one of a list of targeted banks and financial institutions, and then steals their credentials, which are sent to a remote server in real time. It can also modify, in a user's browser, the genuine web pages from a bank's web servers to ask for personal information such as payment card number and PIN, one-time passwords, etc.

Antivirus detection of Zeus has a poor track record. In a 2009 report based on information gathered from 3 million desktops in North America and the UK, Trusteer found that the majority of Zeus infections occur on antivirus-protected machines. Specifically, Trusteer found that among Zeus-infected machines 55% had up-to-date antivirus protection installed. The population of machines infected with older versions of Zeus is enormous -- one in every 100 computers according to Trusteer research. Zeus 1.4 was specifically crafted to avoid antivirus detection and uses advanced polymorphic techniques, which make antivirus technologies completely blind to it.
   © 2012 ProSecurityZone.com