ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

ZeuS Banking Trojan Updating Infected Systems with Rootkit-Equipped Variant
ZeuS, or Zbot, is one of the oldest families of financial malware: a Trojan horse capable of carrying out a range of malicious and criminal tasks, and most often used to steal banking credentials. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads.

Earlier this month, Comodo AV Labs identified a dangerous variant of the ZeuS banking Trojan that is signed with a stolen digital certificate belonging to a Microsoft developer, in order to evade detection by web browsers and anti-virus software.

FREE! FREE! ZeuS BRINGS ROOTKIT UPDATE
Recently, security researcher Kan Chen at Fortinet found that the P2P ZeuS botnet is pushing an updated version to its bots (the infected systems). The new version can drop a rootkit onto the infected system and hide the Trojan, preventing the removal of its malicious files and registry entries.

The new variant also double-checks for the previously installed version (0x38) of the ZeuS Trojan on the infected system and then replaces it with the updated binary files (version 0x3B).

Every P2P ZeuS binary extracts the version number from the update packet and compares it against the version number hardcoded in its own body to verify that the update succeeded.
According to the researchers, the change in the new P2P ZeuS variant is minimal: apart from its original functions, the new binary also drops a rootkit driver file into the %SYSTEM32%\drivers folder. Equipping ZeuS with a rootkit makes the Trojan more sophisticated and makes it considerably harder to remove from infected systems.

HOW TO PROTECT YOURSELF FROM ZeuS TROJAN
  • We recommend that users use common sense and think twice before clicking any link in their e-mail or on any other website they visit.
  • Trustworthy companies don't send attachments unless you have requested specific documents. So always be cautious if you receive an e-mail with attachments you did not request from an unknown contact, and do not open them.
  • Install a reputable Internet security tool and configure the firewall to maximize the security of your computer system.
