Zeus Trojan Makes a Comeback After Months of Silence
Posted by: Tim Tibbetts on 05/28/2013 01:10 PM
The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In Trend Micro's 2013 Security Predictions, they predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The first quarter of the year bore out this prediction, as seen in threats like CARBERP and the Andromeda botnet.
They have now added the data-stealing malware ZeuS/ZBOT to this roster of old-but-new threats; its activity is noted to have increased these past months, based on Trend Micro Smart Protection Network feedback.
ZBOT malware of this generation is found to be mostly either Citadel or GameOver variants. Unlike earlier versions, the mutex name is randomly generated.
Both variants send DNS queries to randomized domain names. The GameOver variant also opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.
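For defenders, the randomized DNS lookups described above are one of the few network-visible traits mentioned here. The following is an added example, not code from this article or from Trend Micro: a simple heuristic that flags clients querying several long, high-entropy domain labels. The thresholds, function names and sample log are assumptions constructed for illustration, and the heuristic can both miss word-based names and flag legitimate machine-generated hostnames.

```python
import math
from collections import Counter, defaultdict

# Assumed thresholds for this illustration; tune against your own DNS baseline.
MIN_LABEL_LEN = 12      # ignore short labels
MIN_ENTROPY = 3.5       # bits per character
MIN_DISTINCT_NAMES = 3  # random-looking names per client before alerting

# Constructed sample log of (client_ip, queried_name); not real indicators.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.org"),
    ("10.0.0.5", "d3k9x7q2m5z8w1p4.test"),   # one odd name is not enough
    ("10.0.0.7", "qzkxvbtrpwmjhdly.test"),
    ("10.0.0.7", "hfjwqzxnbvkrtmpd.test"),
    ("10.0.0.7", "mvxqjzkwpbhtrndf.test"),
    ("10.0.0.7", "wplzxqkvjbnmhtrd.test."),  # trailing dot is normalized
    ("10.0.0.7", "www.example.com"),
]

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    return -sum((n / len(text)) * math.log2(n / len(text)) for n in counts.values())

def registered_label(name):
    """Label directly left of the TLD (simplification: no public-suffix list)."""
    labels = name.rstrip(".").lower().split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]

def looks_random(name):
    """True when the label is long and its characters are close to uniform."""
    label = registered_label(name)
    return len(label) >= MIN_LABEL_LEN and shannon_entropy(label) >= MIN_ENTROPY

def flag_hosts(log, min_names=MIN_DISTINCT_NAMES):
    """Map each client to its distinct random-looking names, if it has enough."""
    hits = defaultdict(set)
    for client, name in log:
        if looks_random(name):
            hits[client].add(name.rstrip(".").lower())
    return {c: sorted(n) for c, n in hits.items() if len(n) >= min_names}

if __name__ == "__main__":
    for client, names in flag_hosts(SAMPLE_LOG).items():
        print(client, len(names), names)
```

Requiring several distinct names per client keeps a single unusual hostname, such as the one queried by 10.0.0.5 in the sample, from raising an alert on its own.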
Recently we reported that the Alleged ZeuS Botmaster was arrested for stealing $100 million from U.S. banks. That's not chump change.