Malware
Ivan Tikhonov, 2011-09-22 09:37:37

A new modification of Zeus?

Firstly, I would like to warn the Habr community about a new wave of this malware. It is very unpleasant and is currently being used to steal funds from organizations' accounts through bank-client systems. It is not detected by antiviruses, and it works even under limited user accounts. Even checking statements at the end of the day may not help: once installed, it substitutes the results that are displayed.
It all started when funds were withdrawn from the accounts of several companies known to us, and then this malware was discovered in one of the branches of our company. Fortunately, the bank, already taught by recent events, promptly blocked the accounts.
The following information was received from the local administrator: antiviruses catch only some of the modules it loads, but after a seemingly complete cleanup they are pulled into the system again, i.e. the malware itself is not detected.
So far, the only signs we have determined are that on an infected machine, in some cases, hidden files are still not displayed even when the display of hidden files is enabled, and if IP addresses are distributed via DHCP, infected computers can take a wrong IP for themselves, not from the range allocated to them.
As more information becomes available, I'll post it here.
Well, now the question: who has recently encountered this malware, how was it discovered, and how did you fight it?
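The second sign described in the post, hosts holding addresses outside the range the DHCP server hands out, is something a branch administrator can sweep for without any malware signatures. The script below is an added example, not code from the original post: it parses a constructed ARP-table dump (the format `arp -a` prints on Windows; the addresses and MACs are made up) and flags every host whose address lies outside the configured DHCP pool or outside the LAN subnet entirely. The subnet, pool bounds and the list of known static infrastructure hosts are assumptions you would replace with your own.

```python
import ipaddress
import re

# Constructed sample ARP table, in the layout printed by `arp -a` on Windows.
# All addresses and MAC values here are made up for the example.
SAMPLE_ARP = """\
Interface: 192.168.10.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          00-1a-2b-3c-4d-00     static
  192.168.10.21         00-1a-2b-3c-4d-01     dynamic
  192.168.10.37         00-1a-2b-3c-4d-02     dynamic
  192.168.10.254        00-1a-2b-3c-4d-ff     dynamic
  10.77.3.9             00-1a-2b-3c-4d-03     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One ARP row: IPv4 address, MAC (dash- or colon-separated), entry type.
ROW = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>[0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+"
    r"(?P<type>static|dynamic)\s*$",
    re.IGNORECASE,
)


def parse_arp(text):
    """Return (ip, mac, type) tuples for every line that looks like an ARP entry.

    Header and interface lines do not match the row pattern and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            entries.append(
                (ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["type"].lower())
            )
    return entries


def out_of_pool(entries, subnet, pool_first, pool_last, known_static=()):
    """Flag hosts whose address could not have come from the DHCP pool.

    The ARP 'static'/'dynamic' type describes the local cache entry, not how the
    remote host got its address, so every unicast neighbour is checked except the
    infrastructure hosts listed in known_static (gateway, printers, servers).
    """
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_first), ipaddress.ip_address(pool_last)
    allowed = {ipaddress.ip_address(a) for a in known_static}
    findings = []
    for ip, mac, _kind in entries:
        if ip.is_multicast or ip in allowed:
            continue
        if ip not in net:
            findings.append((str(ip), mac, "address outside the LAN subnet"))
        elif not (lo <= ip <= hi):
            findings.append((str(ip), mac, "address outside the DHCP pool"))
    return findings


if __name__ == "__main__":
    # Assumed branch LAN: 192.168.10.0/24, DHCP pool .20 to .200, gateway at .1.
    hits = out_of_pool(
        parse_arp(SAMPLE_ARP),
        "192.168.10.0/24", "192.168.10.20", "192.168.10.200",
        known_static=["192.168.10.1"],
    )
    for ip, mac, reason in hits:
        print(f"{ip:16} {mac}  {reason}")
```

Run it against a real `arp -a` capture from a machine on the segment (or a DHCP server lease export) and compare the flagged MACs with the DHCP lease table; a host that holds an address the server never issued is worth isolating and examining by hand rather than trusting what its own antivirus reports.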


4 answers
Saiputdin Omarov, 2011-09-22
@generalx

Waiting for news, very interesting...

Xkeeper, 2011-09-22
@Xkeeper

The sources of Zeus are public; anyone can adjust the functionality and crypt it, so the fact that some of the dropper files get detected only speaks of the amateurishness of the modifiers. You can throw out almost any antivirus: they help only against non-targeted, mass attacks, and otherwise they just eat CPU and memory.

Ivan Tikhonov, 2011-09-22
@polym0rph

Throw out the antiviruses from the boos' computers? And should they also be left with admin rights on their computers? No thanks.
I could not find a list of the ways it infects machines; has no one come across one?

a97, 2011-09-22
@a97

Your profile says:
BTCSec.com is a Russian-language information resource about the Bitcoin network
Maybe your Zeus is a continuation of this banquet?

Bitcoin and malware
This summer, the Bitcoin electronic money system has become the focus of both users and criminals. The system of generating "coins", based on the use of computers' processing power, has become another way of earning money illegally, and this method is distinguished by its extreme anonymity. The number of generated "coins" depends on the power of your computer: the more computers you have access to, the greater your potential earnings. Having rather quickly passed through the stage of attacks on the owners of bitcoin wallets in order to steal them, cybercriminals switched to the already traditional use of botnets.
Back in June, we discovered the first Trojan.NSIS.Miner.a, which generated bitcoins hidden from the user of the infected computer. This incident was the beginning of our cooperation with a number of large bitcoin pools (servers that store information about network members and their accounts), which allowed us to stop a number of similar botnets from working. The start of the confrontation between the antivirus industry and criminals in this new area has led to ever more sophisticated types of bitcoin botnets appearing.

www.securelist.com/ru/analysis/208050714/Obzor_virusnoy_aktivnosti_avgust_2011
