New Zeus variant targets Deutsche Bank, Wells Fargo and Barclays
Posted by: Timothy Weaver on 02/18/2014 11:22 AM
Using a technique known as steganography, the Zeus banking malware is hiding a crucial file inside a photo.
Zeus has been one of the most effective pieces of malware for stealing banking information: it hijacks login details as a person accesses his account and masks secret transfers in the background.
Jerome Segura, a senior security researcher with Malwarebytes, wrote that this new variant, called ZeusVM, downloads a configuration file that contains the domains of banks that the malware is instructed to intervene in during a transaction. “The malware was retrieving a JPG image hosted on the same server as were other malware components,” Segura wrote.
The suspect image appears to be larger than it should be when compared to an identical one in bitmap mode. When decrypted, the file shows the targeted banks, including Deutsche Bank, Wells Fargo and Barclays.
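A defender-side check for the size anomaly described above, as an added example that is not from the original article or from Malwarebytes: it walks the JPEG structure and counts the bytes that follow the end-of-image marker. That the extra data sits after that marker is an assumption (the article does not say where in the file it is), and the sample bytes are constructed.

```python
import struct

EOI, SOS = 0xD9, 0xDA  # end-of-image and start-of-scan marker codes

def _skip_scan(data: bytes, pos: int) -> int:
    """Skip entropy-coded scan data; return the offset of the next real marker."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        # 0xFF00 is a stuffed data byte and 0xFFD0-0xFFD7 are restart markers.
        if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
            return pos
        pos += 1
    return len(data)

def jpeg_trailing_bytes(data: bytes) -> int:
    """Return how many bytes follow the JPEG end-of-image marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing start-of-image marker)")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                        # fill byte before a marker
            pos += 1
        elif marker == EOI:
            return len(data) - (pos + 2)
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                              # standalone marker, no length
        else:
            if pos + 4 > len(data):
                break
            (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
            pos += 2 + seg_len                    # length covers its own 2 bytes
            if marker == SOS:
                pos = _skip_scan(data, pos)
    raise ValueError("truncated JPEG (no end-of-image marker)")

# Constructed sample: a structurally valid (not decodable) JPEG skeleton.
CLEAN = (b"\xff\xd8"
         + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)  # APP0 segment
         + b"\xff\xda\x00\x08" + bytes(6)          # SOS header
         + b"\x12\xff\x00\x34\xff\xd0\x56"         # scan data with stuffing/RST
         + b"\xff\xd9")                            # end of image
SUSPECT = CLEAN + bytes(range(128))               # constructed appended blob

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, jpeg_trailing_bytes(blob), "bytes after end-of-image")
```

A non-zero count is only a triage signal: some cameras and editors also write data after the end-of-image marker, so flagged files still need inspection.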