ZeuS Banking Trojan Updating Infected Systems with Rootkit-Equipped Variant
ZeuS, or Zbot, is one of the oldest families of financial malware. It is a Trojan horse capable of carrying out a range of malicious and criminal tasks and is most often used to steal banking credentials. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads.

Earlier this month, Comodo AV Labs identified a dangerous variant of the ZeuS banking Trojan that is signed with a stolen digital certificate belonging to a Microsoft developer, in order to evade detection by web browsers and anti-virus products.

Recently, security researcher Kan Chen at Fortinet found that the P2P ZeuS botnet is pushing an updated version to its bots (the infected systems). The update can drop a rootkit onto the infected system and hide the Trojan, which prevents removal of its malicious files and registry entries.

The new variant also checks for the previously installed version of the ZeuS Trojan (version 0x38) on the infected system and then replaces it with the updated binary files (version 0x3B).

"Every P2P Zeus binary would extract the version number from the update packet and compare the version number that is hardcoded in its body" to verify the success of the update process.
According to the researchers, the new variant of P2P ZeuS differs only minimally from the previous one: apart from its original functions, the new binary also drops a rootkit driver file into the %SYSTEM32%\drivers folder. Equipping ZeuS with a rootkit makes it more sophisticated and increases the difficulty of removing it from infected systems.

  • We recommend that users use common sense and think twice before clicking any link in their e-mails or on any other website they visit.
  • Trustworthy companies don't send attachments unless you have requested specific documents. So always be cautious if you receive an e-mail from an unknown contact with attachments that you haven't requested, and do not open them.
  • Install a reputable Internet security tool and configure the firewall to maximize the security of your computer system.
