- Aug 17, 2014
The Silent Night Zbot, a new variant of the infamous banking trojan ZeuS that wreaked havoc in mid-2009 may be impressive in its design but it’s “not any game changer,” according to a deep-dive report from Malwarebytes and HYAS.
Calling Silent Night “yet another banking Trojan based on ZeuS,” the 186-page report praised the malware’s design for being consistent and clean. “The author’s experience shows throughout the code,” researchers said. “Yet, apart from the custom obfuscator, there is not much novelty in this product.”
Researchers compared the functionality of the malware and its Command-and-Control (C2) panel with other Zbots that have been popular in recent years, including the Terdot fork, among ZeuS’s many iterations that emerged since first being discovered in July 2007.
While the bot’s design uses the ZeuS code as a template, much work had been done on its modification and modernization. Conceptually, it is very close to Terdot, “yet rewritten with an improved, modular design,” according to the report. Silent Night’s initial sample is a downloader, fetching the core malicious module and injecting it into various running processes. [....]
In our new paper with HYAS, we dive deep into “Silent Night," a new banking Trojan recently tracked as Zloader/Zbot, and reminiscent of ZeuS.