After several months f speculations, it is now finally confirmed that a new combination of a two pieces of advanced online banking malware has stated to spread. What appears to be a beta version of a malware-piece that has bits of both the Zeus virus and the SpyEye virus is now in circulation, albeit just among a few people, according to CTO and co-founder of Seculert, Aviv Raff.
“It seems to be still under development, with bug fixes released almost daily.”
Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, Raff says.
The reason for the dual control panels is “because many of the criminals are used to the look-and-feel of the Zeus administration panel and will find it easier to migrate to the new version.”
PC World writes on their website that for some time, vendors including Trend Micro and McAfee as well as security writer Brian Krebs, have written about rumors that the Russian hacker who wrote Zeus was getting out of the business.
The source code for Zeus was rumored to have been transferred to the creator of SpyEye, and it was anticipated that the two pieces of malware would be combined.
“That evidence has just emerged now,” Raff says.
More Trouble for Banks
The pretty well known Zeus virus/trojan/malware, that is tailored to evade security software, grab online banking credentials and execute transactions on the fly, has so fa been more than annoying.
Zeus has been used by several highly organized criminal rings to transfer money out of victims’ accounts.
Last year, dozens of people were arrested in the US and UK and accused of being money mules for the gangs, PC World reports.
The new malware also has at least a couple of new features.
One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks.
“Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in,” Raff says.
The malware writers have also added a way to remotely connect to a victim’s computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.
So far, it appears that only a few cyber-criminals are using the new version.
He declined to say how Sec.
ulert obtained the malware or how much it might be selling for on the malware market.
“It seems to be still under development, with bug fixes released almost daily,” Raff says.
Just don’t tell me you’re surprised….
Related by the Econotwist’s:
- Internet Nuke Bomb Ready To Blow
- Anonymous Amateurs & Script Kiddies
- Microsoft Spot New Antivirus Blocking Trojan
- FBI Initiate Worldwide Crack Down On Hackers
- Gambling Addicted Hacker Steal 400 Billion Gaming Chips
- Cyber Attacks Force EU to Close Emission Trading System
- A Homepage For The Homeless
- PCs at Risk From Supertrojans (foxnews.com)
- Bastard child of SpyEye/ZeuS merger appears online (go.theregister.com)
- Carberp Malware Sniffs out Antivirus Use to Maximize Attack Impact (pcworld.com)
- Carberp Banking Malware Upgrades Itself (pcworld.com)
- Zeus takes up residence in the US (v3.co.uk)
- Iranian Cyber Army Moves Into Botnets (nytimes.com)
- Next Generation Banking Malware Emerges After Zeus (pcworld.com)