Zeus Trojan is probably one of the most prolific and long-lived malware, security firms have discovered in the last years numerous variant even more sophisticated. After the public release of it source code, principal security firms have detected new complex variants exploiting P2P protocol, using Tor Network to hide C&C servers or adopting encryption to make the malicious agent more resilient. In the last weeks it was discovered also a variant designed to hit Software-as-a-service (SaaS) which implements a web-crawling feature to obtain access to proprietary data or code from Salesforce.com customer’s CRM instance.The last campaign based on a new variant of GameOver Zeus Trojan discovered by F-Secure targeting users of popular employment websites. The author of the malware adopted a classic social engineering scheme to deceive victims into providing additional private information. The information collected with this stratagem could be used by cybercriminals to bypass multi-factor authentication mechanisms implemented to process the access to numerous web services, including online banking.GameOver Banking Trojan is one of the numerous variants of Zeus malware available on the market, is very flexible and security experts have already documented its use of numerous illicit activities including banking frauds and Distributed Denial of Service attacks. Zeus malware was one of the first malware using Man-In-The-Browser (MITB) attack, the malicious agent through the web injection alters the user’s perception of browser content hiding the attack to the victims. The injection was also used to circumvent two factor authentication processes.
“It’s a peer-to-peer botnet so it’s tricky to count,” “There is some excellent analysis from Dell SecureWorks, which details about 24,000 Gameover bots, in July 2012. I haven’t seen any attempts to count the entireGameover botnet recently, but I’m sure it’s still in the multiple tens of thousands.” said Sullivan.
“HR recruiters with website accounts should be wary of any such irregularities. If the account is potentially tied to a bank account and a spending budget … it’s a target for banking trojans. It wouldn’t be a bad idea for sites such as Monster to introduce two factor authentication, beyond mere security questions.” said F-Secure expert Mikko Suominen.
(Security Affairs – Zeus banking trojan, malware)