In the past, we reported on the emergence of malware based on the leaked ZeuS code, such as Ice IX and ZeuS 2.3.2.0. The use of the leaked code has continued since then and has resulted in attacks such as the one I’m about to share. My colleagues and I have been monitoring another new…
Jasper Manuel
Threat Response Engineer
With ZeuS’s source code leakage, we expected more cybercriminals to craft their own HTTP-controlled bots based on ZeuS. Last week, we started to see the first generation of modified ZeuS variants called Ice IX, based on the said source code. According to the seller’s post on underground forums, one of Ice IX’s main selling points…
The last time a significant ZeuS/ZBOT development cropped up in the threat landscape, a new ZeuS-LICAT variant was identified. It was also not too long ago when news of a possible merger between the creator of ZeuS and SpyEye made headlines. This time, it is interesting to see an earlier version of the notorious malware…
Trend Micro has received reports from users about a new, dangerous file infector. This threat, detected as PE_LICAT.A, uses a domain generation algorithm, a technique last seen in WORM_DOWNAD/Conficker variants. This technique allows the file infector to download and execute malicious files from various servers on the Internet. Like WORM_DOWNAD, PE_LICAT.A generates a list of…
As reported last week, exploits targeting the Windows shortcut zero-day vulnerability have risen in number. It is also now being used to spread ZBOT variants via malicious attachments to spammed messages, now blocked by Trend Micro products, with the subject Microsoft Windows Security Advisory and the following message: The message claims to come from Microsoft…