Beware of Zeus Financial Malware. It Just Got Stronger!


Malware comes and goes. The latest entry on the list of malware giving security experts sleepless nights is the Zeus financial malware. The largest numbers of infected systems are said to be located in the U.S., India, and Italy. According to a recent update, the malware was “upgraded” with peer-to-peer functionality that makes it a lot stronger than it was. The upgrade also gives its controllers the flexibility they need to carry out different fraud operations.

Zeus Financial Malware – a short history

The latest upgrade was identified by Swiss security expert Roman Hüssy, who is also the creator of the Zeus tracking services. More than a year ago, a research team from Trend Micro was able to trick Zeus. Since then, the malware has been circulating in the wild with no effective means of catching it.

“A few weeks ago I’ve noticed that no new murofet/LICAT C&C [command and control] domain names have been registered by the criminals. I was a little bit confused and decided to analyze a recent Zeus sample (spread through a Spam campaign targeting US citizens),” Hüssy wrote on his blog.

“When I ran the binary in my sandbox, I’ve seen some weird UDP traffic. My first guess was: This is not ZeuS. But after I’ve analyzed the infection I came to the conclusion that it is actually ZeuS,” he noted.

What does Zeus Financial Malware do? 

After installation on a system, Zeus contacts its counterparts on other machines to download a fresh set of IPs. It also updates itself to the latest version by contacting systems that already have the newer version.

Zeus is one of the oldest and strongest trojans available in the black hat world. Until some months ago, the trojan was available only to those who paid a good sum of money to its original author. Recently, the trojan's source code was leaked on the Internet. Since then, people with a proper understanding of that code have created plenty of variations of it.

“We all know that the fight between criminals and security researchers is a cat and mouse game. I’m sure this wasn’t the last change made to ZeuS and we will continue to see efforts from criminals to make their malware stay more under the radar,” Hüssy concluded.

According to the latest reports, Zeus is one of the most dangerous threats to financial institutions currently present on the Internet.
