Solved

Beware Greeks bearing lists: Bank-raiding nasty Zeus smuggles attack orders in JPEGs

  • 22 February 2014


Trojan stashes config files in photos in mythology mash-up

By Iain Thomson, 20th February 2014

A new variant of the bank-account-raiding Zeus malware apparently uses the ancient technique of steganography to update its list of websites to subvert.
Dubbed ZeusVM, the crafty strain is just like its cousins in that it intercepts activity in a victim's web browser, siphons off passwords and other sensitive personal information to crooks, and can meddle with financial transactions to direct cash to crims' pockets.
But French security researcher Xylitol, who spotted the ZeusVM variant, was intrigued to discover a .jpg photo of a sunrise was being downloaded by the software nasty and hidden among the malware's files.
 
ZeusVM stays dormant much of the time to avoid detection, but when the user visits a website that's on the malware's list of targets – such as a particular online banking website, social network, web mail service, and so on – the code fires up and goes to work. It will then run in the background while the victim authenticates, firing off any logged secrets to its master, or carrying out transactions as required.
 
Xylitol tipped off security firm Malwarebytes, which analyzed the .jpg image and found it was being used to update the list of URLs that awakens the Trojan: the file included web addresses for Wells Fargo, Barclays and Deutsche Bank sites.
The only clue that the picture file, fetched from a server hosting the malware, is used to distribute updated target lists is that the .jpg has a larger-than-expected file size.
 
 
Full Article
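The article's one concrete tell is a .jpg that is bigger than the picture it shows. The following Python check is an added example, not code from the article or from the Malwarebytes analysis it cites: it walks the JPEG marker segments up to the End-Of-Image marker (FF D9) and reports any bytes appended after it, which is where an oversized image most often hides its extra payload. The `build_sample` bytes are constructed for testing and are not the real ZeusVM image; the appended bank URL is made up.

```python
"""Flag JPEG files that carry bytes after the End-Of-Image marker.

Added example, not code from the article or from Malwarebytes' analysis.
A well-formed JPEG ends at EOI (FF D9); anything after it is not image
data and deserves a second look when a .jpg is larger than expected.
"""
import struct
import sys

SOI = b"\xff\xd8"
EOI = b"\xff\xd9"


def find_eoi_offset(data: bytes) -> int:
    """Walk the JPEG segment chain and return the offset just past EOI.

    Raises ValueError if the bytes do not parse as a JPEG.
    """
    if not data.startswith(SOI):
        raise ValueError("missing SOI marker")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker = data[pos]
        pos += 1
        if marker == 0xD9:                              # EOI
            return pos
        if marker in (0x01, 0xD8) or 0xD0 <= marker <= 0xD7:
            continue                                    # standalone markers, no length field
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        seg_len = struct.unpack(">H", data[pos:pos + 2])[0]   # length includes its own 2 bytes
        if seg_len < 2:
            raise ValueError("bad segment length")
        pos += seg_len
        if marker == 0xDA:                              # SOS: entropy-coded scan data follows
            # Scan data ends at the first FF that is neither a stuffed
            # FF 00 nor an RSTn marker (FF D0..D7).
            while True:
                idx = data.find(b"\xff", pos)
                if idx == -1 or idx + 1 >= len(data):
                    raise ValueError("truncated scan data")
                nxt = data[idx + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos = idx + 2
                    continue
                pos = idx
                break
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Return whatever follows the EOI marker (empty for a clean file)."""
    return data[find_eoi_offset(data):]


def build_sample(appended: bytes = b"") -> bytes:
    """Constructed JPEG-shaped bytes for testing (not a decodable image and
    not the real ZeusVM picture): SOI, a JFIF APP0 segment, a SOS segment,
    scan data containing a stuffed FF 00 and an RST0 marker, then EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78"
    return SOI + app0 + sos + scan + EOI + appended


if __name__ == "__main__":
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_sample(b"https://example-bank.test/login\n")   # made-up target URL
    extra = trailing_data(blob)
    print(f"{len(blob)} bytes total, {len(extra)} after EOI")
    if extra:
        print("trailing bytes:", extra[:64])
```

Run it with a file path to inspect a real image, or with no arguments to see it flag the constructed sample. The check only catches data appended after EOI; a config carried inside an APPn or COM segment, or spread across pixel bits, would pass it, so treat a clean result as "nothing appended", not "nothing hidden".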

Best answer by RetiredTripleHelix 22 February 2014, 15:14


3 replies

I log in to banking websites via Webroot Password Manager secured by a 25 character complex password using only Firefox or Chrome browsers. Always scan with Webroot SecureAnywhere Plus prior to visiting. Have Malwarebytes PRO with realtime enabled. Am I safe from attack from this malware... your opinion?

WSA is so strong on protecting your personal information and the Identity Shield is second to none!
 
https://community.webroot.com/t5/Webroot-SecureAnywhere-Antivirus/WSA-scores-100-in-MRG-Efitas-tests/m-p/54082#M2670
 
HTH,
 
TH
 

Thank you TH... I am a "happier camper" now. Very reassuring post!
