ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan



ZeuS, or Zbot, is one of the oldest families of financial malware. It is a Trojan horse capable of carrying out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads.
Earlier this month, Comodo AV labs identified a dangerous variant of the ZeuS banking Trojan that is signed with a stolen digital certificate belonging to a Microsoft developer, to avoid detection by web browsers and anti-virus systems.
FREE! FREE! ZeuS BRINGS ROOTKIT UPDATE
Recently, security researcher Kan Chen at Fortinet found that the P2P Zeus botnet is updating its bots (infected systems) with a new version that can drop a rootkit onto infected systems and hide the trojan, preventing removal of its malicious files and registry entries.
The new variant also checks for the previously installed version (0x38) of the ZeuS trojan on the infected system and replaces it with the updated binary files (version 0x3B).
“Every P2P Zeus binary would extract the version number from the update packet and compare the version number that is hardcoded in its body” to verify the success of the update process.


According to the researchers, the new P2P Zeus variant changes little: apart from its original functions, the new binary also drops a rootkit driver file into the %SYSTEM32%\drivers folder. The rootkit feature makes the new Zeus Trojan more sophisticated and makes it harder to remove from infected systems.
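Because the driver is dropped into %SYSTEM32%\drivers, that folder is a natural place to audit. The PowerShell below is an added example, not code from Fortinet or from this post: it flags driver files that are recently created or lack a valid signature, and driver services whose file does not appear in the folder listing. The 30-day window and the choice of checks are assumptions of the example.

```powershell
# Added example. Assumptions (not from the article): the 30-day window and
# the three checks below. Run from an elevated PowerShell prompt.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'
$cutoff    = (Get-Date).AddDays(-30)

# View 1: driver files the file system reports (-Force includes hidden ones).
$files = @(Get-ChildItem -Path $driverDir -Filter '*.sys' -File -Force)

$findings = @(foreach ($f in $files) {
    # On older Windows/PowerShell builds, catalog-signed files can show NotSigned.
    $sig     = Get-AuthenticodeSignature -FilePath $f.FullName
    $reasons = @()
    if ($sig.Status -ne 'Valid')     { $reasons += "signature: $($sig.Status)" }
    if ($f.CreationTime -gt $cutoff) { $reasons += 'created recently' }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            Driver  = $f.Name
            Created = $f.CreationTime
            # Shown because a valid signature alone does not clear a file.
            Signer  = $sig.SignerCertificate.Subject
            Reasons = $reasons -join '; '
        }
    }
})

# View 2: drivers registered as services. A service whose image path points
# into the drivers folder but whose file is missing from view 1 may be hidden.
$visible = @($files | ForEach-Object { $_.Name })
$findings += @(foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    if ($d.PathName -match '\\System32\\drivers\\([^\\]+\.sys)$' -and
        $visible -notcontains $Matches[1]) {
        [pscustomobject]@{
            Driver  = $Matches[1]
            Created = $null
            Signer  = $null
            Reasons = "service '$($d.Name)' ($($d.State)) points to a file not listed in the folder"
        }
    }
})

$findings | Sort-Object Driver | Format-List
```

A kernel rootkit can filter what a live system reports, so an empty result is not proof of a clean machine; scanning the disk offline from trusted media gives a more reliable view.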
HOW TO PROTECT YOURSELF FROM ZeuS TROJAN
  • We recommend that users use common sense and think twice before clicking any link in their e-mails or on any websites they visit.
  • Trustworthy companies don’t send attachments unless you have requested specific documents. So, always use caution if you receive an email from an unknown contact with attachments that you haven’t requested, and do not open it.
  • Install a good Internet security tool and configure the firewall to maximize the security of your computer system.

 
