Tag: zbot

Almost undetectable ZeuS variant discovered

A variant of the key-logging ZeuS trojan that is almost undetectable has been discovered by anti-malware researchers at Trend Micro.

The variant, known as TSPY_ZBOT.BYZ, uses a number of techniques to avoid automatic heuristics-based detection. One is importing a large number of external APIs, a characteristic not shared by other ZeuS trojans and one that significantly lowers the chance of detection.

The trojan is also compressed in a different manner from other ZeuS variants, so its calculable entropy differs from theirs. That entropy is usually similar across variants and lets anti-malware researchers and software analyse and detect the trojan, but the difference in this variant helps keep it under the radar.
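The entropy check the article alludes to, shown here as an added illustration of the defensive heuristic rather than Trend Micro's code or any detail of the real sample: Shannon entropy is computed per block of a file image, and a file whose blocks are mostly near the 8-bit ceiling is flagged as packed or compressed, which is the profile a variant with unusual compression would shift. The sample buffers and the thresholds are constructed assumptions.

```python
import hashlib
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, block_size: int = 1024) -> list[float]:
    """Entropy of each fixed-size block, so a packed region stands out from plain code or text."""
    return [shannon_entropy(data[i:i + block_size]) for i in range(0, len(data), block_size)]


def looks_packed(data: bytes, threshold: float = 7.0, min_fraction: float = 0.5) -> bool:
    """Heuristic: flag the image if at least min_fraction of blocks sit above the entropy threshold.
    Threshold and fraction are assumed tuning values, not figures from the article."""
    blocks = entropy_profile(data)
    if not blocks:
        return False
    high = sum(1 for e in blocks if e >= threshold)
    return high / len(blocks) >= min_fraction


def constructed_high_entropy(n: int) -> bytes:
    """Deterministic stand-in for a compressed/packed section: a SHA-256 chain looks uniform."""
    out, seed = bytearray(), b"constructed-sample"
    while len(out) < n:
        seed = hashlib.sha256(seed).digest()
        out += seed
    return bytes(out[:n])


# Constructed inputs: readable text for an unpacked section, hash output for a packed one.
SAMPLE_PLAIN = (b"This program cannot be run in DOS mode.\r\n" * 100)[:4096]
SAMPLE_PACKED = constructed_high_entropy(4096)

if __name__ == "__main__":
    for name, blob in (("plain", SAMPLE_PLAIN), ("packed", SAMPLE_PACKED)):
        print(name, [round(e, 2) for e in entropy_profile(blob)], looks_packed(blob))
```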

Trend Micro said the trojan is “designed to make analysis in sandboxed environments more difficult.” This slows the anti-malware researchers who produce the virus database updates that keep computer users protected, giving the trojan time to spread to many more machines.

The ZeuS trojan has been responsible for a string of major attacks throughout the year, including most recently on LinkedIn. The prevalence of the malware has led to multiple arrests around the world, including 19 people involved in a £6 million bank scam in the UK and further arrests in the US, which could see dozens of people jailed.

The problem is also getting worse. Trend Micro issued an update today saying that a further variant, named TSPY_ZBOT.SMEQ, has been detected, and there could be many more of them slipping past our anti-malware software.

“These new variants show the impact of TSPY_ZBOT.BYZ being able to avoid heuristic detection. Determining the relationship between TSPY_ZBOT.BYZ and the new variants would become harder; correspondingly the new variants would be more difficult to detect,” said Julius Dizon, Research Engineer at Trend Micro. 

“To properly guard against this threat, conventional antivirus [software] is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users.”

London police arrest 19 in cybercrime online banking scam

The London Metropolitan police e-Crime unit has broken up an elaborate cybercrime ring, arresting 19 people involved in a £6 million heist from online bank accounts.

The suspects are accused of hacking into thousands of computers using malware and then stealing money from people’s online bank accounts. The attacks utilised a Zbot trojan called ZeuS, malware that was recently used to attack business social networking site LinkedIn.

ZeuS is a notorious keylogging trojan aimed primarily at stealing bank details. It is usually installed through phishing campaigns, including ones run on websites such as Facebook, or through forced or unauthorised downloads. It has become one of the top trojans, affecting millions of computers, many of which now operate as part of the malware’s extensive botnet.

The arrests, which include 15 men and four women, were made in London after a number of houses were raided on Monday. They are being held in custody and are currently being questioned over their involvement in the cybercrime ring.

The gang are accused of operating for over three months and face charges of fraud, money laundering, and a number of offences under the Computer Misuse Act.

This is not the first time people have been arrested for using the ZeuS trojan to steal money. In November of last year a couple from Manchester were arrested for the same crime, revealing how dangerous the malware is and how many hackers are currently employing it.