Dangerous new Zeus Malware Fools Anti-Virus
A new and "extremely dangerous" version of the notorious Zeus malware has been discovered with the ability to fool detection systems by hiding behind an apparently legitimate digital signature.
The virus was revealed by US vendor Comodo Antivirus Labs late last week. The company found over 200 unique hits by the malware on its customers, it said in a blog post.
It downloads data-stealing malware hidden by a rootkit component, aiming to steal login credentials, credit card and other information that the user keys into a web form.
UK-based security expert Richard Moulds, vice president of strategy at Thales e-Security, said if an attacker can sign their malicious code in a way that passes the validation process, "they are a huge step further in mounting an attack."
"Windows, iOS, Android and Linux all use code-signing to ensure that only legitimate, signed code is installed and executed. Code-signing provides the best mechanism for proving that code hasn't been modified and therefore is a way of spotting malware infected software and rejecting it," he said.
The Zeus or Zbot Trojan is designed to steal online banking and other sensitive user data.
In February, research from Dell SecureWorks showed Zeus and the related Citadel malware were the two biggest banking botnets of 2013, targeting 900 financial institutions worldwide.
Zeus is also used to install the Gameover malware, the CryptoLocker ransomware and its more recent but flawed lookalike CryptoDefense.