Menu
Hackers use a trick to deliver Zeus banking malware

Hackers use a trick to deliver Zeus banking malware

Zeus is encrypted and contained in an ".enc" file, which security products allow through, according to Malcovery Security

Hackers found a new way to slip past security software and deliver Zeus, a long-known malicious software program that steals online banking details.

Security company Malcovery Security, based in Georgia, alerted security analysts after finding that none of 50 security programs on Google's online virus scanning service VirusTotal were catching it as of early Sunday.

Gary Warner, Malcovery's chief technologist, posted on his blog an assortment of spam messages, which spoofed brands and organizations such as the payment processor ADP, the Better Business Bureau and the British tax authority HMRC.

The spam messages contain a ".zip" file, which, if opened, contains a small application called UPATRE. That executable file downloads a ".enc" file, which it then decrypts. The decrypted file is GameOver Zeus, a variant of the notorious Zeus malware.

Zeus first appeared in 2006 and has long been a thorn in the side of banks. Its source code was leaked in May 2011, and cybercriminals have continued to make improvements to make its network more resilient, according to Dell's SecureWorks unit.

Security products are appearing to stumble on the ".enc" file since it doesn't end in ".exe," which designates an executable program, Warner wrote.

"Why? Well, because technically, it isn't malware," he wrote.

He advised that network administrators check their logs to see if any ".enc" files have been downloaded on their networks. The spam is distributed by the Cutwail botnet, another long-running botnet known for distributing malware.

"It is likely that many different criminals are paying to use this infrastructure," Warner wrote.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwaredata protectionencryptionExploits / vulnerabilitiesDesktop securityMalcovery Security

Featured

Slideshows

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington

This exclusive Reseller News Exchange, in association with Arrow ECS ANZ, ForeScout and StorageCraft, went on the road to debate the early implications of GDPR in New Zealand, extracting opportunities while evaluating challenges for the channel in the year ahead.

Kiwi channel debates GDPR as Reseller News Exchange hits Wellington
Show Comments