According to Comodo AV Labs, security researchers are identified a new and extremely dangerous variant of the Zeus banking Trojan. Hackers use Zeus to launch attacks that obtain the login credentials of visitors to online banking sites and commit financial fraud.Comodo first learned of the variant from a sample submitted by a Comodo user. It attempts to trick the user into executing it by presenting itself as some type of Internet Explorer document, including an icon similar to the Windows browser.
What is alarming about this is that the file is digitally signed with a valid certificate, making it appear trustworthy at first glance. The digital certificate is issued to “isonet ag”.
The significance of this variant is the combination of a legitimate digital signature, rootkit and malware component. Malware with a valid digital signature is an extremely dangerous situation.
A digital signature assures browsers and antivirus systems that a file is legitimate and not a threat. Versions of Zeus have been around for several years, but with a valid digital certificate antivirus systems are much less likely to take action or will give lower levels of warning.
The Comodo team identified the Zeus variant because they continuously monitor and analyze scan data from the users of Comodo’s internet security systems. They have found over 200 unique hits for this Zeus variant from our users so far.
Zeus is distributed to a wide audience, primary through infected web page components or through email phishing. The phishing emails appear to be from a trusted source, such as a major bank, but are actually from hackers.
There are three components to an attack launched by Zeus:
The Downloader: Delivered to the user system by an exploit or an attachment in a phishing email. It will download the rootkit and malware component of the attack.
The Malware: In this case it is a data stealer, the program that will steal valuable user data, login credentials, credit card info, etc. that the user keys into a web form.
A Rootkit: A rootkit hides the installed malware component, protecting it from detection and removal.
To stay protected from such threats, install Comodo Internet Security and make sure to keep all of its real time shields enabled.
No comments:
Post a Comment