    Trend Micro advanced threat researchers recently came across a new ZBOT/ZeuS binary file detected as TROJ_ZBOT.BTM.

    ZBOT/ZeuS variants are well known for stealing banking information from their victims via various social engineering tactics (e.g., spammed messages, malicious links sent to social networking site members in the guise of messages, and compromised legitimate sites), as evidenced by the following documented noteworthy occurrences:

    Apart from the usual information-stealing tactics ZBOT/ZeuS Trojans are known for, however, this new variant came with a hidden message that thanks and taunts some well-known antivirus companies for the help they provide the cybercriminals behind the malware in constantly improving their craft. The message, however, only becomes visible after the binary file (version 1.3.3.3) unpacks and copies itself into the affected system's memory.


    This taunting message shows that cybercriminals have systems that monitor how well antivirus companies detect their craft, and that they are constantly updating their software to avoid detection.

    Trend Micro™ Smart Protection Network™ already protects product users from this threat. Its Web reputation service blocks access to the malicious site, http://{BLOCKED}p.com/consc/cons.exe, where the binary file could be downloaded, and its file reputation service detects the file and prevents its execution on affected systems.

    Non-Trend Micro product users, on the other hand, can also stay protected by using free tools like Web Protection Add-On, which was especially designed to block user access to potentially malicious websites in real time.











     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice