Researchers at Comodo AV labs have identified a new variant of the Zeus Banking Trojan that is signed with a valid digital certificate, making it difficult for AV software to identify it.

Dangerous Zeus Banking Trojan variant found with valid digital certificate

The Comodo lab encountered the threat more than 200 times while monitoring and analyzing data from users of its Internet security system.

The Zeus Banking Trojan is commonly used by attackers to steal users' online banking credentials through a Man-in-the-Browser (MitB) attack. Attackers who want to use this valuable information create a remote session in which they can see exactly what the victim is doing and interfere with their online actions without their knowledge.

What makes this variant more dangerous is that it is signed with a valid digital signature, apparently stolen from the Swiss software company isonet. Browsers and antivirus systems take a valid digital signature as an indication that a file is legitimate and not a threat.

The malware is typically distributed through phishing emails or compromised web pages; because this variant is signed with a digital certificate, the browser or antivirus software treats it as a genuine application.
Once the application file is executed, the malware downloads its payload, which contains a rootkit and other malware components. Once the rootkit is downloaded and running, it prevents the user or antivirus software from detecting and deleting the malware on the device.
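The practical consequence of the point above is that a "valid" signature proves only that the file was signed with a certificate chaining to a trusted root, not that the signer is one you expect. The following PowerShell, an added example that is not part of the original article, lists signed executables whose signer is absent from a locally maintained allow-list; the allow-list entry and the scan path are constructed assumptions.

```powershell
# Constructed allow-list of signer subjects the organisation expects to see.
# Any other signer on a signature with Status 'Valid' is worth a second look,
# since a stolen certificate produces exactly that status.
$AllowedSigners = @(
    'CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US'  # constructed example
)

function Get-UnexpectedSignedBinaries {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [string[]] $Allowed = $AllowedSigners
    )
    Get-ChildItem -Path $Path -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Only validly signed files are of interest here: those are the ones
            # browsers, AV heuristics and users tend to trust on sight.
            if ($sig.Status -eq 'Valid' -and $Allowed -notcontains $sig.SignerCertificate.Subject) {
                [pscustomobject]@{
                    File        = $_.FullName
                    Signer      = $sig.SignerCertificate.Subject
                    Thumbprint  = $sig.SignerCertificate.Thumbprint
                    NotAfter    = $sig.SignerCertificate.NotAfter
                    # A missing timestamp means the signature dies with the certificate,
                    # which is common for binaries signed in a hurry with a stolen key.
                    TimeStamper = if ($sig.TimeStamperCertificate) { $sig.TimeStamperCertificate.Subject } else { 'none' }
                }
            }
        }
}

# Usage: scan the download folder, where phishing-delivered installers usually land.
Get-UnexpectedSignedBinaries -Path "$env:USERPROFILE\Downloads" | Format-Table -AutoSize
```

Flagged entries are candidates for review against the signer's revocation status and the file's origin, not automatic verdicts: a legitimate vendor you have not yet allow-listed will appear in the same list.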

A sample of the malware was analysed, and it was found that the variant tricks the victim into executing it by posing as an Internet Explorer document with an icon similar to the Windows browser's.
The malware is detected as Trojan.Win32.Zbot, and the digital certificate appears to belong to the Swiss software company isonet, from which it was probably stolen.

The best way to stay protected from such threats is to keep your antivirus program up to date.
