Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    September 2013
    S M T W T F S
    « Aug   Oct »
    1234567
    891011121314
    15161718192021
    22232425262728
    2930  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Archive for September 16th, 2013




    In our 2Q Security Roundup, we noted the resurgence of online banking malware, in particular the increase of ZeuS/ZBOT variants during the quarter. While ZeuS/ZBOT has been around for some times, its prevalence shows that it is still a big threat to end users today.

    For the month of August, 23% of spam with malicious attachments were found carrying ZeuS/ZBOT variants, while 19% served FAREIT variants.

    ZeuS/ZBOT variants also had the distinction of being the most distributed malware by IPs related to spam botnets. It is also associated with various worm families that can spread itself or other malware families via email. A system infected with ZeuS/ZBOT may be infected about five other worm variants like WORM_MYDOOM, WORM_VB, and WORM_BAGLE.

    Figure 1. Malware families spread by spam

    Compared to others, the majority of spam carrying either ZeuS/ZBOT or FAREIT looked more like legitimate messages, and were likely to supposedly come from well-known brands or companies.

    Figure 2. Sample FAREIT spam

    Figure 3. Sample ZeuS/ZBOT spam

    Once installed, Zeus/ZBOT variants are known to monitor users’ browsing behavior pertaining to visits to specific online banking sites. If users visit these sites and try to login using their credentials, the malware inject additional field for users to fill out and then steal these information. Cybercriminals can then use these stolen data to either initiate unauthorized transactions or sell in the underground market.

    FAREIT is another data-stealing malware that gathers emails and FTP login credentials. This malware can also download other malware variants, including Zeus/ZBOT. Previously, we saw a UK tax-themed spam that delivers a FAREIT variant, which also downloads a ZBOT malware.

    Trend Micro blocks the spammed messages and detects the malware cited in this blog post. It is important for end users to know how to tell apart legitimate email from spam, particularly those that use well-known brands as a social engineering lures. Best computing practices, such as being wary of attachments from unverified email, can come a long way when it comes to protecting your system and information.

     
    Posted in Malware, Spam | Comments Off


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice