Security researchers from Comodo have identified a new version of the notorious banking Trojan known as ZeuS. The variant analyzed by experts is signed with a valid digital certificate, which makes the threat more difficult to detect and remove.
More than 200 of Comodo’s customers have been targeted with this threat. Cybercriminals are distributing the malware with the aid of spam emails, or via exploits planted on malicious or compromised websites.
The malware component is typical of ZeuS. It launches man-in-the-middle attacks to steal sensitive information, particularly financial data. The rootkit is designed to hide the malware and make it more difficult to remove.
The rootkit components are downloaded from two different domains. The rootkit registers itself in the Boot Bus Extender driver load-order group so that it is loaded before other drivers when the computer boots up.
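The two details that matter to a defender here are the early-load persistence (a driver in the Boot Bus Extender group) and the valid code signature that lets it pass a naive "is it signed?" check. The following PowerShell script, an added example and not code from the article or from Comodo, enumerates every service registered in that group from the Services registry hive, resolves its driver image path and reports the Authenticode status and signer. The registry layout it reads (`Group`, `Start`, `ImagePath` values under `HKLM:\SYSTEM\CurrentControlSet\Services`) is standard Windows; the function names and the path-normalisation rules are this example's own.

```powershell
# Added example (not from the original article or Comodo): list boot-start
# drivers in the "Boot Bus Extender" load-order group and check their
# Authenticode signatures. Run from an elevated PowerShell prompt.

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {
    # Normalise the ImagePath forms seen in the Services hive into a usable file path.
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''                      # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\" # \SystemRoot\... -> C:\Windows\...
    if (-not [System.IO.Path]::IsPathRooted($p)) {        # System32\drivers\x.sys -> C:\Windows\System32\drivers\x.sys
        $p = Join-Path $env:SystemRoot $p
    }
    return $p
}

function Get-BootBusExtenderDrivers {
    Get-ChildItem $servicesKey -ErrorAction SilentlyContinue | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
        if ($props.Group -ne 'Boot Bus Extender') { return }

        $path   = Resolve-DriverPath $props.ImagePath
        $status = 'FileNotFound'
        $signer = ''
        if ($path -and (Test-Path $path)) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        [pscustomobject]@{
            Service   = $_.PSChildName
            Start     = $props.Start        # 0 = boot start, loaded before most other drivers
            ImagePath = $path
            SigStatus = $status             # Valid / NotSigned / HashMismatch / FileNotFound ...
            Signer    = $signer
        }
    }
}

# Full inventory of the group; review anything that is not a known Microsoft bus driver.
Get-BootBusExtenderDrivers | Sort-Object Service | Format-Table -AutoSize
```

Because the variant described above carries a valid signature, filtering on `SigStatus -ne 'Valid'` alone would miss it; the useful triage view is the full list grouped by `Signer`, where an unfamiliar publisher in a group that normally contains only Microsoft bus drivers stands out. Pair the listing with the domains named in Comodo's write-up in proxy or DNS logs to confirm whether the driver was downloaded rather than shipped with the platform.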
Additional technical details on this new ZeuS variant are available on Comodo’s blog.