- Jan 24, 2011
A new variant of the Zeus banking Trojan, which Comodo Antivirus Labs is calling “extremely dangerous,” is being used by hackers to launch attacks that obtain the login credentials of visitors to online banking sites and commit financial fraud.
The wrinkle in this version is the combination of a legitimate digital signature, rootkit and malware component.
“Malware with a valid digital signature is an extremely dangerous situation,” said Comodo researchers, in a blog. “A digital signature assures browsers and antivirus systems that a file is legitimate and not a threat. Versions of Zeus have been around for several years, but with a valid digital certificate antivirus systems are much less likely to take action or will give lower levels of warning.”
The Comodo team has found more than 200 unique hits for the variant so far. The perpetrators are casting a wide net, primarily through infected web page components or through email phishing. The phishing emails appear to be from a trusted source, such as a major bank.
As with other Zeus attacks, this variant launches a man-in-the-browser (MitB) attack. The hackers are sent information required to create a remote session where they can see exactly what the victim is doing and interfere with their actions without their knowledge.
“For example, if the attack victim goes to an online banking site to perform a transaction, such as transferring funds, they see everything as occurring normally,” Comodo researchers said. “The payment information they keyed will display as expected, but behind the scenes the hackers will alter the transaction and send it to another account with possibly a larger amount.”
The hackers work with “Money Mules” who establish bank accounts using false credentials and receive a commission for handling ill-gotten gains.
Read more: http://www.infosecurity-magazine.com/view/37879/zeus-variant-contains-legitimate-certificate/