Patnote Virus Used to Distribute ZeuS Trojan


Code appended by Patnote to executable files

Security researchers from Trend Micro have spotted an interesting malware distribution campaign. Cybercriminals are using the Patnote (Pioneer) virus to spread ZeuS (Zbot).

When the Patnote file infector is launched, it appends its code to all executable files, including ones on removable and network drives. This code is designed to drop the embedded ZeuS version (TSPY_ZBOT.PNR) into the “User Temp” folder and execute it, and to infect other executables.

The fact that Patnote spreads across multiple systems makes the threat more difficult to remove. It also allows ZeuS to infect networks with restricted Web access.
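The drop-and-execute behaviour described above leaves a pattern defenders can hunt for: many unrelated host programs launching the same binary from a user Temp folder. The following is an added example, not code from Trend Micro or the original post; the event field names, paths, hashes and the threshold of three parents are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed process-creation events (fields loosely modelled on Sysmon Event ID 1).
# Paths, user names and the short "hashes" are made up for this example.
EVENTS = [
    {"parent": r"E:\tools\viewer.exe",
     "image": r"C:\Users\amy\AppData\Local\Temp\tmp1.exe", "sha256": "aa11"},
    {"parent": r"\\fileserver\apps\report.exe",
     "image": r"C:\Users\amy\AppData\Local\Temp\tmp2.exe", "sha256": "aa11"},
    {"parent": r"C:\Program Files\Editor\edit.exe",
     "image": r"C:\Documents and Settings\bob\Local Settings\Temp\tmp3.exe", "sha256": "aa11"},
    # A legitimate installer unpacking a helper once: one parent, different hash.
    {"parent": r"C:\Users\amy\Downloads\setup.exe",
     "image": r"C:\Users\amy\AppData\Local\Temp\is-helper.exe", "sha256": "bb22"},
    # Normal launch outside Temp: ignored.
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe", "sha256": "cc33"},
]

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\")

def in_user_temp(path):
    """True if the path sits under a per-user Temp folder (Vista+ or XP layout)."""
    p = ntpath.normpath(path).lower()
    return any(marker in p for marker in TEMP_MARKERS)

def shared_temp_payloads(events, min_parents=3):
    """Map payload hash -> sorted parent images, for binaries run from a user
    Temp folder by at least min_parents distinct parent executables."""
    parents = defaultdict(set)
    for e in events:
        if in_user_temp(e["image"]):
            parents[e["sha256"]].add(e["parent"].lower())
    return {h: sorted(p) for h, p in parents.items() if len(p) >= min_parents}

if __name__ == "__main__":
    for sha, procs in shared_temp_payloads(EVENTS).items():
        print(f"payload {sha} launched from Temp by {len(procs)} different programs:")
        for proc in procs:
            print("   ", proc)
```

Parent images flagged this way are candidates for comparison against known-good copies, since a file infector changes the host executable itself.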

It’s also worth noting that Patnote employs some mechanisms that prevent researchers from analyzing it. It’s designed to stop working if analysis tools such as StudPDE, ProcDump, OllyDbg or WinHex are detected.

To avoid getting your system infected with this threat, avoid clicking on suspicious links, and always keep your antivirus software updated.
