Zeus Trojan Makes a Comeback After Months of Silence
Posted by: Tim Tibbetts on 05/28/2013 09:10 AM
[
Comments
]
The notorious info-stealing ZeuS/ZBOT variants are reemerging with a vengeance, with increased activity and a different version of the malware seen this year. In Trend Micros 2013 Security Predictions, they predicted that cybercrime will be characterized by old threats resurfacing, but with certain refinements and new features in tow. The 1Q of the year proved this thesis, as seen in threats like CARBERP and Andromeda botnet.
ZBOT malware of this generation are found to be mostly either Citadel or GameOver variants. Unlike earlier version, the mutex name is randomly generated.
Both variants send DNS queries to randomized domain names. The GameOver variant also opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.
Recently we reported that the Alleged ZeuS Botmaster was arrested for stealing $100 million from U.S. banks. That's not chump change.
ZBOT malware of this generation are found to be mostly either Citadel or GameOver variants. Unlike earlier version, the mutex name is randomly generated.
Both variants send DNS queries to randomized domain names. The GameOver variant also opens a random UDP port and sends encrypted packets before sending DNS queries to randomized domain names.
Recently we reported that the Alleged ZeuS Botmaster was arrested for stealing $100 million from U.S. banks. That's not chump change.
Comments
