IDG News Service - The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.
What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert.
Seculert has published screen shots of the new malware, which has two versions of a control panel used for managing infected computers. One of those control panels resembles one in Zeus, and the other resembles that in SpyEye. Both of the control panels are connected to the same back-end command-and-control server, he said.
Raff said the reason for the dual control panels is "because many of the criminals are used to the look-and-feel of the Zeus administration panel and will find it easier to migrate to the new version."
For some time vendors including Trend Micro and McAfee as well as security writer Brian Krebs have written about rumors that the Russian hacker who wrote Zeus was getting out of the business.
The source code for Zeus was rumored to have been transferred to the creator of SpyEye, and it was anticipated that the two pieces of malware would be combined. That evidence has just emerged now, Raff said.
It doesn't bode well for banks. Zeus, which is tailored to evade security software, grab online banking credentials and execute transactions on the fly, has been more than an annoyance.
Zeus has been used by several highly organized criminal rings to transfer money out of victims' accounts. Last year, dozens of people were arrested in the U.S. and U.K. and accused of being money mules for the gangs.
The new malware also has at least a couple of new features. One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks. Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in, Raff said.
The malware writers have also added a way to remotely connect to a victim's computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.
So far, Raff said it appears that only a few cybercriminals are using the new version. He declined to say how Seculert obtained the malware or how much it might be selling for on the malware market.
"It seems to be still under development, with bug fixes released almost daily," Raff said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts