ZeuS byproduct 'Silent Night' Zbot 'not a game-changer'


Aug 17, 2014
The Silent Night Zbot, a new variant of the infamous banking trojan ZeuS that wreaked havoc in mid-2009, may be impressive in its design, but it’s “not any game changer,” according to a deep-dive report from Malwarebytes and HYAS.

Calling Silent Night “yet another banking Trojan based on ZeuS,” the 186-page report praised the malware’s design for being consistent and clean. “The author’s experience shows throughout the code,” researchers said. “Yet, apart from the custom obfuscator, there is not much novelty in this product.”

Researchers compared the functionality of the malware and its command-and-control (C2) panel with other Zbots that have been popular in recent years, including the Terdot fork, one of the many ZeuS iterations that have emerged since the trojan was first discovered in July 2007.

While the bot’s design uses the ZeuS code as a template, much work has been done to modify and modernize it. Conceptually, it is very close to Terdot, “yet rewritten with an improved, modular design,” according to the report. Silent Night’s initial sample is a downloader that fetches the core malicious module and injects it into various running processes. [....]