New Zeus Trojans are Now Making Rounds on the Internet

Beware of the New Zeus Trojans on the Internet

After Microsoft and its law enforcement partners seized many Zeus command and control (C&C) servers in March of last year, there was little Zeus activity for almost a year. But now, according to researchers at Trend Micro, the Zeus banking Trojan is back with new capabilities and code. Zeus is an information-stealing Trojan that takes login credentials for email and online banking accounts, primarily targeting financial websites.

Peddling personal and banking information is an extremely profitable business in the underground market, according to Jay Yaneza of Trend Micro’s tech support. He also noted that older threats such as ZBOT can come back at any time, as cyber criminals look to profit from them.

The newer variant behaves differently from older versions after infecting a computer. The older variants saved the configuration file and all stolen data in a Windows system folder, and they modified the hosts file so that users could not reach security-related sites. The new Zeus Trojans create two randomly named folders, one for encrypted data and one for the malware. The Trojans then send DNS queries to domain names at random, hunting for a C&C server. The infected machine then gets a list of the sites to look for from the server.
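One way a defender could look for the C&C hunting behaviour described above in resolver logs, as an added example that is not from Trend Micro or the original article: it flags clients that fail to resolve several random-looking names within a short window. The log format, the thresholds, the sample lines and the premise that most of the tried names do not resolve (NXDOMAIN) are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log; the line format is an assumption:
# <epoch seconds> <client IP> <queried name> <response code>
SAMPLE_LOG = """\
1372982400 10.0.0.5 www.example.com NOERROR
1372982401 10.0.0.7 xkqjvhzptw.example NXDOMAIN
1372982402 10.0.0.7 qzmwrtyplk.example NXDOMAIN
1372982403 10.0.0.7 bvnxhgqwzd.example NXDOMAIN
1372982404 10.0.0.7 jfkdlsqpwo.example NXDOMAIN
1372982405 10.0.0.7 mzxncbvqlw.example NXDOMAIN
1372982406 10.0.0.5 intranet-portal.test NXDOMAIN
1372982407 10.0.0.5 mail.example.org NOERROR
"""

def label_entropy(label):
    """Shannon entropy, in bits per character, of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_random(name, min_len=8, min_entropy=3.0):
    """Heuristic: the leftmost label is long and has few repeated characters."""
    label = name.rstrip(".").split(".")[0].lower()
    return len(label) >= min_len and label_entropy(label) >= min_entropy

def suspicious_clients(log_text, window=60, min_names=4):
    """Map each client to the random-looking names it failed to resolve,
    if it tried at least min_names distinct ones within window seconds."""
    failures = defaultdict(list)  # client -> [(timestamp, name)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, name, rcode = int(parts[0]), parts[1], parts[2], parts[3]
        if rcode == "NXDOMAIN" and looks_random(name):
            failures[client].append((ts, name.lower()))
    flagged = {}
    for client, events in failures.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            names = {n for t, n in events[i:] if t - start <= window}
            if len(names) >= min_names:
                flagged[client] = sorted(names)
                break
    return flagged

if __name__ == "__main__":
    for client, names in suspicious_clients(SAMPLE_LOG).items():
        print(client, "failed lookups:", ", ".join(names))
```

A single mistyped internal name, like the one from 10.0.0.5 in the sample, can pass the entropy heuristic on its own, which is why the count of distinct failures per client is the deciding signal.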

As always, users must be careful when clicking on links and opening emails. Machines should have the latest operating system updates and good antivirus software. If you are planning to take a machine from a computer rental store, ensure that it has a good antivirus installed to keep your personal data safe.

Friday, July 5, 2013