New tricks being used to deliver Zeus banking malware

3 February 2014

Well-known malicious software program Zeus, which has been used to steal information from a number of major banking institutions around the world, has been further developed by hackers.

According to security company Malcovery Security, criminals have created a new way of slipping past measures that alert institutions when they are under attack.

It revealed that none of the 50 security programs on Google's anti-virus scanning service were spotting the Zeus malware on Sunday (2 February).

Gary Warner, Malcovery's chief technologist, posted on his blog an assortment of spam messages, which fooled brands and organisations such as the payment processor ADP, the Better Business Bureau and the British tax authority HMRC.

He revealed that the spam messages contained a .zip file that held a small application called UPATRE, which downloads an .enc file and decrypts it.

This file is called GameOver Zeus, a variant of the Zeus malware, which can then be used to access bank account information.

As the file in question is a .enc, security measures are not picking it up as malware, the security expert revealed.

By Gary Cooper

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development