02-03-2014 05:50 AM
A variant of the data-stealing Zeus Trojan – best known for targeting online banking – is using a new technique to bypass security systems, researchers have found.
By encrypting the executable file, cyber criminals are sneaking GameOver Zeus malware past web filters, network intrusion detection systems and other defences as a non-executable .enc file.
On 1 February 2014, US-based Malcovery Security alerted the security community and law enforcement agencies after its researchers identified the technique and observed its use trending upwards.
The attackers are using email messages that appear to come from HMRC, HSBC and other well-known brands to trick recipients into opening an attached .zip file, according to a Malcovery blog post.
If the attachment is opened, it launches a new version of the application called Upatre, which downloads and decrypts a .enc file, which is GameOver Zeus executable.
“If you are in charge of network security for your enterprise, you may want to check your logs to see how many .enc files have been downloaded recently,” said Gary Warner, CTO of Malcovery.
Before Malcovery raised the alarm, its researchers found none of the 50 security products used by online virus scanning service VirusTotal were blocking GameOver Zeus distributed in this way.
a month ago - last edited a month ago
As expected we have seen this ages ago, but we are not on VT so we werent included in the 50 AV Vendors
Invoice.PDF.exe -seen Jan 27
Employer_Bulletin_Issue_46_79520EEE31.exe -seen Jan 28
PaymentAdvice.exe -seen Jan-27
I am not going to go through all of the post but its nothing new really.