Zeus banking malware hides a crucial file in a photo
Security software is less likely to flag a '.jpg' file as a malicious
IDG News Service - A newly discovered variant of the notorious Zeus banking trojan is disguising a crucial configuration code in a digital photo, a technique known as steganography.
Zeus is one of the most effective tools to steal online banking details, hijacking login details as a person accesses his account and masking secret transfers in the background.
The variant, called ZeusVM, downloads a configuration file that contains the domains of banks that the malware is instructed to intervene in during a transaction, wrote Jerome Segura, a senior security researcher with Malwarebytes. He wrote the behavior was first noticed by a French security researcher who writes under the name Xylitol.
"The malware was retrieving a JPG image hosted on the same server as were other malware components," Segura wrote.
Steganography has long been used by writers of malicious software. By embedding code in a file format that looks legitimate, there's a chance the file will be given a green light by security software.
"From a webmaster point of view, images (especially ones that can be viewed) would appear harmless," Segura wrote.
The suspect image appears to be much larger when compared to an identical one in bitmap mode, he wrote. The data added by the cybercriminals had been encrypted using Base64 encoding and then RC4 and XOR encryption algorithms.
When decrypted, the file shows the banks targeted, including Deutsche Bank, Wells Fargo and Barclays.
Send news tips and comments to firstname.lastname@example.org. Follow me on Twitter: @jeremy_kirk
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Logicalis eBook: SAP HANA: The Need for Speed Without timely business insights, organizations today can suffer logistical, manufacturing, and even financial disaster in a matter of minutes
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts