ZeuS Banking Trojan Now In Rootkit Form

The ZeuS banking Trojan has been around for a while now, but its popularity among cybercriminals is still high. It’s now being offered for sale to cybercriminals in rootkit form at very low prices.

From Wikipedia, the free encyclopedia

A rootkit is a stealthy type of software, often malicious, designed to hide the existence of certain processes or programs from normal methods of detection and enable continued privileged access to a computer.[1] The term rootkit is a concatenation of “root” (the traditional name of the privileged account on Unix operating systems) and the word “kit” (which refers to the software components that implement the tool). The term “rootkit” has negative connotations through its association with malware.[1]

The ZeuS banking Trojan, once injected onto your computer…usually through a visit to a malicious Internet website, listens quietly for a financial transaction to take place. It then gathers your banking credentials from the keystrokes you make to sign onto your bank account. Once it has gathered this information, it proceeds to transfer all of your funds to a foreign bank account owned by cybercriminals.

ZeuS has been so successful that it’s been made into an exploit kit, packaged malware set up so that even inexperienced cybercriminals can use it. This has multiplied its presence around the world manyfold in recent times. This brings us to the latest incarnation of ZeuS: it is being offered as a bot with rootkit stealth functionality.

This newest version:

  • Encrypts its communication with its controlling computer so that security analysts can’t track it.
  • Protects the identity of its controlling computer.
  • Adds additional malware onto the computer on which it resides.
  • Hides itself from even the best anti-malware software.

ZeuS continues to be a formidable malware which is becoming more dangerous with each improvement made to it.

This is a good reason to make sure you’re protected by good anti-virus/malware protection and the use of security best practices in order to avoid being a victim of ZeuS.

Reference: Net Security.org article

Be very careful…it’s dangerous out there.

Please comment on this article; we all learn from each other when our views and opinions are shared.

I hope you enjoyed this article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.

Remember, personal computing is a blast…keep it productive and enjoyable.

Best regards,

Paul

paulsinternetsecurity(at)yahoo.com

I’m also on Twitter, @PaulsInternet.

Images courtesy of FreeDigitalPhotos.net and FreeByte.com


2 responses to “ZeuS Banking Trojan Now In Rootkit Form”

  1. Marcus

    (Profanities)
    Root Kits are the devil’s own malware. Are these root kits attacking Linux or Mac systems Paul?

    If you get a rootkit on Windows, in my experience you need to DBAN your hard drive and start from scratch.

    • Marcus,
      Thanks for the excellent comment and question. There are rootkits for Linux and Mac systems out there right now, some for sale; but I don’t know if the ZeuS Trojan attacks Linux or Mac. However, because of its modularity and that it’s easily modifiable, I would expect that if it’s not capable of a Linux or Mac attack right now, it will be as soon as a cyber crook determines that Linux and Mac users are worthy targets in terms of the size of their population and potential income from attacks.
      Best,
      Paul
