

#cybersecurity | #hackerspace | Zeus Virus AKA Zbot – Malware of the Month, November 2019

Source: National Cyber Security – Produced By Gregory Evans

When you’re named after the ancient Greek king of the gods, you’ve got a reputation to live up to. And our malware of the month, Zeus Virus, also commonly known as Zbot, Zeus Trojan, or simply Zeus Malware, doesn’t fall short. Over the past few months, we’ve profiled a few truly destructive malware types such as Kovter, Emotet, and Trickbot. Zeus, though, takes the cake by cobbling together all of the crafty attributes of these malware types: stealthiness, undetectability, and the ability to resiliently evolve.

What is the Zeus Virus, or Zbot?

Zeus Virus is a Trojan malware package that particularly targets Microsoft Windows. Trojan types of malware mislead users about their true intent, much like their namesake horse. Zeus made a king’s entry in 2007, attacking both top corporate houses and US government institutions in one swoop.

Since then, it has become one of the most damaging botnets in the world, thus popularizing the Zbot moniker. Amongst its notable attacks was a $70 million heist from hacked bank accounts causing the FBI to intervene. Even more worrisome is that it has reproduced hundreds of mal-variants that are based on its code. Even though cybersecurity experts heaved a sigh of relief when its creator purportedly “retired,” the Zeus malware mafia lives on.

How does Zeus work?

Zeus’ main vectors are mail spam, malicious social engineering, and inserting itself into legitimate product downloads, also known as drive-by downloads.

Once in the victim’s machine, Zeus Virus creates a hidden “backdoor” on the computer. Backdoor malware is especially dangerous as it allows the attacker to have full access and complete control over the machine, and consequently an entry-point into the company’s network. Zeus then proceeds to steal the victim’s data including personal details, application logins, and banking information. Or, its avatar Zbot inducts infected machines into a botnet — a network of other compromised machines controlled by a master hacker. This can lead to devastating wide-scale attacks that infect the entire network of the organization.

Tips to protect your organization from Zeus Malware

  • Strengthen Authentication: Most malware attacks are the result of compromised and weak credentials. Two-Factor Authentication and Multi-Factor Authentication (MFA) are excellent gatekeepers that prevent unauthorized access to applications. Make sure all your applications, including third-party ones, support and implement it.
  • Create Anti-Phishing Policies: Office 365 includes built-in features that protect your users from phishing attacks. Take advantage of the threat management tools in Office 365 to set up anti-phishing policies and increase your protection status. You can even create custom policies for specific users, groups, or domains.
  • Cybersecurity Training: Phishing and social engineering are Zeus’ key vectors, as is the case with most types of malware. Hence, an essential malware prevention best practice is to conduct regular org-wide cybersecurity training. Educate colleagues about the basics of good security hygiene, such as checking the sender’s email ID, avoiding downloading attachments or clicking URLs from unknown sources, and alerting support about emails with suspicious content.
  • The Usual Protectors: Check that your anti-virus solutions are auto-updated, and that you have robust firewalls and network monitoring tools in place.

Malware attacks are on the rise. Ensure that your business, colleagues or customers are not held to ransom by them, by backing up your data securely. Spanning Backup provides top-rated SaaS backup and recovery solutions for Office 365, G Suite, and Salesforce. With Spanning’s accurate, real-time data backup, you can drastically limit the damage of malware attacks and ensure business continuity by quickly recovering lost or corrupted data with a few clicks.


The post #cybersecurity | #hackerspace | Zeus Virus AKA Zbot – Malware of the Month, November 2019 appeared first on National Cyber Security.


Gameover ZeuS Trojan Targets Users of Monster.com Employment Portal

Zeus Trojan is one of the most popular families of banking Trojans. It was also used in a targeted malware campaign against a Salesforce.com customer at the end of the last month, and researchers found that the new variant of Zeus Trojan has web crawling capabilities that are used to grab sensitive business data from that customer’s CRM instance.

The ‘GameOver’ banking Trojan is also a variant of the Zeus financial malware, and it spreads via phishing emails. Once installed in your system, GameOver Zeus Trojan makes fraudulent transactions from your bank. It is also capable of conducting a Distributed Denial of Service (DDoS) attack using a botnet, in which multiple computers flood the financial institution’s server with traffic in an effort to deny legitimate users access to the site.

Now, a new variant of GameOver Zeus Trojan has been spotted targeting users of popular employment websites with social engineering attacks, implemented to fetch additional private information about the victims that could be used for bypassing multi-factor authentication mechanisms on other websites or services.


The new variant can use complex web injections and perform a Man-In-The-Browser (MITB) attack, which means it can infect a web browser to modify web pages, modify web content or insert additional content, all in a completely covert fashion invisible to both the user and the web host, even when other authentication factor solutions are in use.

Initially the new variant of the GameOver Zeus Trojan targeted ‘CareerBuilder.com’, which is the largest employment website in the US, but now the researchers at F-Secure have come across the same variant targeting one of the world’s largest employment websites, ‘Monster.com’.

The victims are served a fake login page that looks similar to the legitimate page (hiring.monster.com) of the website. Once the victims log in, they are directed to the web page injected by the malware.

The web page serves 18 different security questions to choose from, which are nothing but the common security questions that various websites ask, from mailing websites to financial ones. The list is given below:

  • In what City / Town does your nearest sibling live?
  • In what City / Town was your first job?
  • In what city did you meet your spouse/significant other?
  • In what city or town did your mother and father meet?
  • What are the last 5 digits / letters of your driver’s license number?
  • What is the first name of the boy or girl that you first dated?
  • What is the first name of your first supervisor?
  • What is the name of the first school you attended?
  • What is the name of the school that you attended aged 14-16?
  • What is the name of the street that you grew up on?
  • What is the name of your favorite childhood friend?
  • What is the street number of the first house you remember living in?
  • What is your oldest sibling’s birthday month and year? (e.g., January 1900)
  • What is your youngest sibling’s birthday?
  • What month and day is your anniversary? (e.g., January 2)
  • What was the city where you were married?
  • What was the first musical concert that you attended?
  • What was your favorite activity in school?

The researchers warned HR recruiters with accounts on the website to be on the lookout for any such irregularities.

Source: http://whogothack.blogspot.co.uk/2014/04/gameover-zeus-trojan-targets-users-of.html#.Vl4DA1UrLIU

The post Gameover ZeuS Trojan Targets Users of Monster.com Employment Portal appeared first on Am I Hacker Proof.


Dangerous new Zeus Malware Fools Anti-Virus

Source: National Cyber Security – Produced By Gregory Evans

A new and “extremely dangerous” version of the notorious Zeus malware has been discovered with the ability to fool detection systems by hiding behind an apparently legitimate digital signature. The virus was revealed by US vendor Comodo Antivirus Labs late last week. The company found over 200 unique hits by the malware on its customers, it said in a blog post. It downloads data-stealing malware hidden by a rootkit component, aiming to steal login credentials, credit card and other information that the user keys into a web form.

UK-based security expert Richard Moulds, vice president of strategy at Thales e-Security, said if an attacker can sign their malicious code in a way that passes the validation process, “they are a huge step further in mounting an attack.”

“Windows, iOS, Android and Linux all use code-signing to ensure that only legitimate, signed code is installed and executed. Code-signing provides the best mechanism for proving that code hasn’t been modified and therefore is a way of spotting malware infected software and rejecting it,” he said.

The Zeus or Zbot Trojan is designed to steal online banking and other sensitive user data. In February, research from Dell SecureWorks showed Zeus and the related Citadel malware […]


The post Dangerous new Zeus Malware Fools Anti-Virus appeared first on National Cyber Security.


9 charged for stealing millions of dollars with Zeus Malware

The Zeus malware is one of the most damaging pieces of financial malware that has helped the culprits to infect thousands of business computers and capture passwords, account numbers and other information necessary to log into online banking accounts.

U.S. Department of Justice unsealed charges against nine alleged cyber criminals for distributing notorious Zeus malware to steal millions of dollars from bank accounts.

Vyacheslav Igorevich Penchukov, Ivan Viktorvich Klepikov, Alexey Dmitrievich Bron, Alexey Tikonov, Yevhen Kulibaba, Yuriy Konovalenko, and John Does are charged with devising and executing a scheme and artifice to defraud Bank of America, First Federal Savings Bank, First National Bank of Omaha, Key Bank, Salisbury Bank & Trust, Union Bank and Trust, and United Bankshares Corporation, all of which were depository institutions insured by the Federal Deposit Insurance Corporation.

They are also accused of using Zeus, or Zbot, computer intrusion, malicious software, and fraud to steal or attempt to steal millions of dollars from several bank accounts in the United States and elsewhere.

It has also been reported that defendants and their co-conspirators infected thousands of business computers with software that captured passwords, account numbers, and other information necessary to log into online banking accounts, and then used the captured information to steal millions of dollars from account-holding victims’ bank accounts.

Account-holding victims include Bullitt County Fiscal Court, Doll Distributing, Franciscan Sisters of Chicago, Husker Ag, LLC, Parago, Inc., Town of Egremont, and United Dairy…

They have also been given notice by the United States of America, that upon conviction of any defendant, a money judgment may be imposed on that defendant equal to the total value of the property subject to forfeiture, which is at least $70,000,000.00.

The United States of America has also requested that trial of the case be held at Lincoln, Nebraska, pursuant to the rules of this Court. The Metropolitan Police Service in the U.K., the National Police of the Netherlands’ National High Tech Crime Unit and the Security Service of Ukraine are assisting the investigation.

Source: http://whogothack.blogspot.co.uk/2014/04/9-charged-for-stealing-millions-of.html#.VleUZ1UrLIU

The post 9 charged for stealing millions of dollars with Zeus Malware appeared first on Am I Hacker Proof.


Scammers suspected for stealing millions and infecting computers through ‘Zeus’

Nine people linked with the ‘Zeus’ malware have been blamed for stealing millions and infecting thousands of computers, federal officials announced on Friday as they declared the code “one of the most damaging pieces of financial malware that has ever been used.”

A charging document in a PDF file, unsealed Friday, charges nine people, most of whom are from Ukraine. The authorities said that the defendants used ‘Zeus’ to steal passwords, account numbers and personal identification numbers.

According to the Justice Department, Kulibaba ran the conspirators’ money laundering network in the U.S., which provided money mules and their banking credentials from U.S.-based victims’ accounts.

First seen in 2007, malware based on ‘Zeus’ has infected millions of computers worldwide. In 2010, a study by RSA, a network security company, concluded that 500 companies showed evidence of some form of ‘Zeus’ botnet infection.

Zeus was sold as a commercial product for $700, and its source code was posted on many forums in 2011 by several hackers.

Source: http://whogothack.blogspot.co.uk/2014/04/scammers-suspected-for-stealing.html#.ViFoivmqqko

The post Scammers suspected for stealing millions and infecting computers through ‘Zeus’ appeared first on Am I Hacker Proof.


After Takedown, GameOver Zeus Banking Trojan Returns Again

National Cyber Security
