Wednesday, April 21, 2010

Trusteer Detects Rapid Spread of New Polymorphic Version of Zeus Online Banking Trojan



http://www.trusteer.com

Completely Redesigned Malware Now Targets Firefox Browsers and has Already Infected One in Every 3,000 Computers

NEW YORK--(BUSINESS WIRE)--Trusteer, the leading provider of secure browsing services, today announced that a completely new version of the Zeus (Zbot) password stealing Trojan that targets online banking users has already been detected by the Trusteer Rapport service on one in every 3,000 computers it monitors.



This is an unprecedented rate of distribution for new financial malware code. Version 1.4 of Zeus, also known as version 2, now targets Firefox as well as Internet Explorer browsers and uses advanced polymorphic techniques to avoid antivirus detection.
“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before”
Trusteer used its Flashlight remote fraud investigation and mitigation service to link Zeus 1.4 with fraud committed against both commercial and consumer banking customers in North America and the United Kingdom. Flashlight was able to collect new Zeus configurations and code samples from infected computers. This new version of Zeus is completely different than versions 1.2 and 1.3.
The Internet’s Leading Banking Trojan
Zeus is considered the most trusted and robust malware platform for online banking fraud, and has been licensed by numerous criminal organizations to launch targeted attacks against a specific bank's customers. he new version of Zeus targets the growing population of Firefox users, in addition to Internet Explorer. Previous versions were incapable of exploiting Firefox to commit sophisticated online fraud against banks using strong layers of authentication. However, Zeus 1.4 supports HTML injection and transaction tampering for Firefox, two techniques which are effectively used to bypass strong authentication and transaction signing solutions.





“We expect this new version of Zeus to significantly increase fraud losses, since nearly 30 percent of internet users bank online with Firefox and the infection rate for this piece of malware is growing faster than we have ever seen before,” said Amit Klein, CTO of Trusteer and head of the company’s research organization. “Fortunately, the Trusteer Flashlight and Rapport services have enabled us to detect the rapid distribution of Zeus 1.4 early and alert financial institutions. We are recommending they maintain a layered approach to malware blocking and make sure they have the proper detection, investigation, mitigation, and response tools in place.”
Poor Antivirus Detection Rates
Zeus, which is also known as Zbot, WSNPOEM, NTOS and PRG, is the most prevalent financial malware on the Internet today. It infects PCs, waits for the user to log onto a list of targeted banks and financial institutions, and then steals their credentials which are sent to a remote server in real time. It can also modify, in a user’s browser, the genuine web pages from a bank’s web servers to ask for personal information such as payment card number and PIN, one time passwords, etc.
Antivirus detection of Zeus has a poor track record. In a 2009 report based on information gathered from 3 million desktops in North America and the UK Trusteer found that the majority of Zeus infections occur on antivirus protected machines. Specifically, Trusteer found that among Zeus infected machines 55% had up-to-date antivirus protection installed. The population of machines infected with older versions of Zeus is enormous -- one in every 100 computers according to Trusteer research. Zeus 1.4 was specifically crafted to avoid antivirus detection and uses advanced polymorphic techniques, which make antivirus technologies completely blind to it.
About Trusteer
Trusteer, the world’s leading provider of secure browsing services, helps prevent financial malware attacks through its Rapport and Flashlight services. Trusteer Rapport enables online businesses to secure communications with their customers and employees over the Internet and protect data against malware and fraudulent websites. It locks down the browser to secure browser communication and prevents zero-day malware and phishing attacks. Trusteer Flashlight allows organizations to remotely, effectively, and instantly investigate malware-related fraud incidents. Trusteer’s solutions are used by more than 50 leading financial organizations in North America and Europe and by more than 6 million end-users. Trusteer is a privately held corporation led by former executives from RSA Security, Imperva, and Juniper. For more information visit www.trusteer.com.

Contacts

North America:

Marc Gendron PR

Marc Gendron, 781-237-0341

marc@mgpr.net

or

United Kingdon:

Eskenzi PR Ltd.

Neil Stinchcombe, +44 20 71 832 833

neil@eskenzipr.com
Permalink: http://www.businesswire.com/news/home/20100421005587/en/Trusteer-Detects-Rapid-Spread-Polymorphic-Version-Zeus


Reblog this post [with Zemanta]

Disqus for ePayment News