The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: Zeus

FBI Offers $3 Million Reward For Arrest Of Russian Hacker

FBI Offers $3 Million Reward For Arrest Of Russian Hacker

February 25, 2015Wang Wei
The US State Department and the Federal Bureau of Investigation announced Tuesday a $3 Million reward for the information leading to the direct arrest or conviction of Evgeniy Mikhailovich Bogachev , one of the most wanted hacking suspects accused of stealing hundreds of millions of dollars with his malware. This is the highest bounty U.S. authorities have ever offered in any cyber case in its history. The 30-year-old Russian man who, according to bureau, is an alleged leader of a cyber criminal group who developed the GameOver Zeus botnet . STOLE MORE THAN $100 MILLION Evgeniy Mikhailovich Bogachev, also known under the aliases " lucky12345 ," " Slavik ," and " Pollingsoon, " was the mastermind behind the GameOver Zeus botnet , which was allegedly used by cybercriminals to infect more than 1 Million computers and resulted in more than $100 Million in losses since 2011. GameOver Zeus makes fraudulent transactions from online bank account
New Pushdo Malware Hacks 11,000 Computers in Just 24 Hours

New Pushdo Malware Hacks 11,000 Computers in Just 24 Hours

July 17, 2014Mohit Kumar
One of the oldest active malware families, Pushdo, is again making its way onto the Internet and has recently infected more than 11,000 computers in just 24 hours. Pushdo, a multipurpose Trojan, is primarily known for delivering financial malware such as ZeuS and SpyEye onto infected computers or to deliver spam campaigns through a commonly associated components called Cutwail that are frequently installed on compromised PCs. Pushdo was first seen over 7 years ago and was a very prolific virus in 2007. Now, a new variant of the malware is being updated to leverage a new domain-generation algorithm (DGA) as a fallback mechanism to its normal command-and-control (C&C) communication methods. DGAs are used to dynamically generating a list of domain names based on an algorithm and only making one live at a time, blocking on 'seen' Command & Control domain names becomes nearly impossible. With the help of a DGA, cyber criminals could have a series of advantages
After Takedown, GameOver Zeus Banking Trojan Returns Again

After Takedown, GameOver Zeus Banking Trojan Returns Again

July 12, 2014Swati Khandelwal
A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which
ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

ZeuS Botnet Updating Infected Systems with Rootkit-Equipped Trojan

April 21, 2014Wang Wei
ZeuS , or Zbot is one of the oldest families of financial malware , it is a Trojan horse capable to carry out various malicious and criminal tasks and is often used to steal banking information. It is distributed to a wide audience, primarily through infected web pages, spam campaigns and drive-by downloads. Earlier this month, Comodo AV labs identified a dangerous variant of ZeuS Banking Trojan which is signed by stolen Digital Certificate belonging to Microsoft Developer to avoid detection from Web browsers and anti-virus systems.  FREE! FREE! ZeuS BRINGS ROOTKIT UPDATE Recently, the security researcher, Kan Chen at Fortinet has found that P2P Zeus botnet is updating its bots/infected systems with updates version that has the capability to drop a rootkit into infected systems and hides the trojan to prevent the removal of malicious files and registry entries. The new variant also double check for the earlier installed version (0x38) of ZeuS trojan on the infecte
Beware of Zeus Banking Trojan Signed With Valid Digital Signature

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

April 06, 2014Anonymous
A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software " signed " with Microsoft's digital certificates of authenticity, an extremely sensitive cryptography seal. Cyber Criminals somehow managed to hack valid Microsoft digital certificate, used it to trick users and admins into trusting the file. Since the executable is digitally signed by the Microsoft developer no antivirus tool could find it as malicious. Digitally signed malware received a lot of media attention last year. Reportedly, more than 200,000 unique malware binaries were discovered in past two years signed with valid digital signatures. A Comodo User submitted a sample of the malicious software that attempts to trick user by masquerading itself as file of Intern
Tor Network used to Host 900 Botnets and hidden Darknet Markets

Tor Network used to Host 900 Botnets and hidden Darknet Markets

March 07, 2014Swati Khandelwal
Tor network offers users browse the Internet anonymously and is mostly used by activists, journalists to conceal their online activities from prying eyes. But it also has the Dark side, as Tor is also a Deep Web friendly tool that allows hackers and cyber criminals to carry out illicit activities by making themselves anonymous. Kaspersky security researcher reported that Tor network is currently being used to hide 900 botnet and other illegal hidden services, through its 5,500 plus nodes i.e. Server relays and 1,000 exit nodes i.e. Servers from which traffic emerges. These days, Cyber criminals are hosting malware's Command-and-control server on an anonymous Tor network to evade detection i.e., difficult to identify or eliminate. Illegal use of the Tor network boosted up after the launch of the most popular underground Drug Market - Silk road  that also offered arms and malware to their users against Bitcoin , one of the popular crypto currency . ChewBacca , a point-
Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

Tilon/SpyEye2 Banking Trojan Usage Declining after SpyEye Author Arrest

February 26, 2014Swati Khandelwal
Today, when we come across various malware, exploit kits and botnets that are in the wild, we think about an effective Antivirus solution or a Security Patch, but the most effective solution is always " The arrest of malware authors and culprits who are involved in the development of Malware. " Tilon has been an active malware family that was spotted first time in 2012, was specially designed to filch money from online bank accounts, that earlier various researchers found to be the new version of Silon , is none other than the SpyEye2 banking Trojan , according to researchers at security firm  Delft Fox-IT . Tilon  a.k.a  SpyEye2 is the sophisticated version of SpyEye Trojan . Majority functional part of the malware is same as of the SpyEye banking Trojan that was developed by a 24-year-old Russian hacker ' Aleksandr Andreevich Panin ' or also known as  Gribodemon , who was arrested in July 2013. ' SpyEye ', infected more than 1.4 million Computers
ZeuS Trojan variant Targets Salesforce accounts and SaaS Applications

ZeuS Trojan variant Targets Salesforce accounts and SaaS Applications

February 20, 2014Swati Khandelwal
Zeus , a financially aimed Banking Trojan that comes in many different forms and flavors, is capable to steal users' online-banking credentials once installed. This time, an infamous  Zeus Trojan has turned out to be a more sophisticated piece of malware that uses web-crawling action . Instead of going after Banking credentials and performing malicious keystroke logging, a new variant of Zeus Trojan focuses on Software-as-a-service (SaaS) applications for the purpose of obtaining access to proprietary data or code. The SaaS Security firm vendor Adallom , detected a targeted malware attack campaign against a Salesforce.com customer, which began as an attack on an employee's home computer. Adallom found that the new variant had web crawling capabilities that were used to grab sensitive business data from that customer's CRM instance. The Security firm noticed the attack when they saw about 2GB of data been downloaded to the victim's computer in less than 10
Gameover Malware, variant of ZeuS Trojan uses Encryption to Bypass Detection

Gameover Malware, variant of ZeuS Trojan uses Encryption to Bypass Detection

February 04, 2014Swati Khandelwal
The year begins with the number of new variants of malware that were discovered by various security researchers. The new variants are more complex, sophisticated and mostly undetectable. Two years back in 2012, the FBI warned us about the ' GameOver ' banking Trojan, a variant of Zeus financial malware that spreads via phishing emails. GameOver makes fraudulent transactions from your bank once installed in your system with the capability to conduct Distributed Denial of Service, or DDoS, attack using a botnet, which involves multiple computers flooding the financial institution's server with traffic in an effort to deny legitimate users access to the site. But that wasn't the end; a new variant of the same family of banking Trojan has been discovered by researchers that are being delivered by cyber criminals to users' machines, making it easier for the banking malware to evade detection and steal victim's banking credentials. Malcovery's Gary Warner explains
24-year-old Russian Hacker and Developer of SpyEye Banking Trojan pleads guilty

24-year-old Russian Hacker and Developer of SpyEye Banking Trojan pleads guilty

January 29, 2014Swati Khandelwal
A Russian man has pleaded guilty to conspiracy charges in a federal court in Atlanta on Tuesday for developing and distributing a malicious banking malware ' SpyEye ' that infected more than 1.4 million computers worldwide since 2009. Aleksandr Andreevich Panin , a 24 year old programmer, also known as Gribodemon and Harderman , was the main author of ' SpyEye ', a sophisticated malware designed to steal people's identities and financial information, including online banking credentials, credit card information, user names, passwords and PINs from their bank accounts without their knowledge. The SpyEye secretly infects the victim's computer and gives the remote control to the cybercriminals who remotely access the infected computer through command and control servers and steal victims' personal and financial information through a variety of techniques, including web injects, keystroke loggers, and credit card grabbers without authorization. Between 2009 and
Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

January 05, 2014Wang Wei
Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo's online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals . Recent report published by Fox-IT, Hackers are using Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries. " Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious ," the firm reported . More than 300,000 users per hour were being redirected to malicious websites serving 'Magnitude Exploit Kit', that exploits vulnerabilities in Java and installs a variety of different malware i.e. ZeuS Andromeda Dorkbot/Ngrbot Advertisement clicking malware Tinba/Zusy Necurs "
More than 1,400 Financial institutions in 88 Countries targeted by Banking Trojan in 2013

More than 1,400 Financial institutions in 88 Countries targeted by Banking Trojan in 2013

December 22, 2013Swati Khandelwal
As the year draws to a close, we have seen the number of emerging threats like advance phishing attacks from the Syrian Electronic Army , financial malware and exploit kits, Cryptolocker ransomware infections, massive  Bitcoin theft, extensive privacy breach from NSA and many more. The financial malware's were the most popular threat this year. Money is always a perfect motivation for attackers and cyber criminals who are continually targeting financial institutions. On Tuesday, Antivirus firm Symantec has released a Threat report, called " The State of Financial Trojans: 2013 ", which revealed that over 1,400 financial institutions have been targeted and compromised millions of computers around the globe and the most targeted banks are in the US with 71.5% of all analyzed Trojans. Financial institutions have been fighting against malware for the last ten years to protect their customers and online transactions from threat. Over the time the attackers adapted to these counter
Researchers spotted 'Chewbacca', a new Tor-based Banking Trojan

Researchers spotted 'Chewbacca', a new Tor-based Banking Trojan

December 18, 2013Mohit Kumar
Cyber Criminal activity associated with the financial Trojan programs has increased rapidly during the past few months. However, the Tor -based architecture is the favorite one with online criminals, to hide their bots and the botnet's Command-and-Control real location from the security researchers. Security Researchers at anti-virus firm  Kaspersky Lab have discovered a new Tor-based  banking trojan , dubbed " ChewBacca " (" Trojan . Win32 . Fsysna . fej ")  , that steal banking credentials and hosted on a Tor . onion domain. This protects the location of a server as well as the identity of the owner in most cases. Still there are drawbacks preventing many criminals from hosting their servers within Tor. Due to the overlay and structure, Tor is slower and timeouts are possible. Massive botnet activity may influence the whole network, as seen with Mevade, and therefore let researchers spot them more easily. ChewBacca   malware is not first that adopt Tor for
Alleged Skynet Botnet creator arrested in Germany

Alleged Skynet Botnet creator arrested in Germany

December 09, 2013Mohit Kumar
The German Federal Criminal Police Office (BKA) has arrested a gang of cyber criminals believed to be responsible for creating the Skynet Botnet. Skynet was first detected by Security Firm G DATA in December 2012. It is a variant of the famous Zeus malware to steal banking credentials with DDoS attack and Bitcoin mining capabilities. The Botnet was controlled from an Internet Relay Chat (IRC) server hidden behind Tor network in order to evade sinkholing. According to a press release from German police, they arrested two people suspected of illegally generating Bitcoins worth nearly $1 million using a modified version of existing malware i.e. Skynet Botnet. German police conducted raids earlier this week on 3rd December and found evidence of other hacking activities i.e. Fraud and distribution of copyrighted pornographic material. A third person is under suspicion but has not been arrested. However, Police didn't mention Skynet Botnet in their press release, but just a day
Warning: "A new message from Skype Voicemail Service" spam leads to Zeus Malware

Warning: "A new message from Skype Voicemail Service" spam leads to Zeus Malware

November 29, 2013Wang Wei
Skype has been targeted by cyber criminals again this week. Users are receiving a new Spam Email with subject " You received a new message from the Skype voice mail service. ", that actually leads to Zeus Malware . Zeus is a Trojan horse that attempts to steal confidential information from the compromised computer. It specifically targets system information, online credentials, and banking details, but can be customized through the toolkit to gather any sort of information. The email is sent from the spoofed address " Skype Communications " and seems to be genuine, it has similar body content and the official Skype logo that usually comes with a legitimate Skype voice mail alerts. " This is an automated email, please don't reply. Voice Message Notification. You received a new message from the Skype voice mail service. " the email reads. The fraudsters have also tried to make the emails look genuine by adding real links back to the Skype website. According to MX Lab , the attached f
Dutch Police arrested TorRAT Malware Gang for stealing over Million Dollar

Dutch Police arrested TorRAT Malware Gang for stealing over Million Dollar

October 27, 2013Mohit Kumar
The TorRAT malware was first appeared in 2012 as spying tool only. But from August 2012, Bitcoin Mining feature was added and it became a powerful hacking tool that was commonly associated with attacks on Financial institutions. ab This year TorRat Malware targeted two out of three major Banks in the Netherlands and the  criminals stole over Million Dollars from user' Banking Accounts. The Dutch  police has arrested four men from Alkmaar, Haarlem, Woubrugge and Roden on last Monday, who are suspected of involvement in the large scale digital fraud and money laundering case using TorRat Malware. Using Spear Phishing techniques, gang  targeted the victims to access their computers and the Financial accounts. The gang used anonymous VPN services, Bitcoins, TorMail and the Tor network itself to remain anonymous. Malware is also capable of manipulating the information during online banking , can secretly add new payment orders and also able to modify existing
Hesperbot - A New Banking Trojan that can create hidden VNC server on infected systems

Hesperbot - A New Banking Trojan that can create hidden VNC server on infected systems

September 05, 2013Mohit Kumar
Security firm ESET has discovered  a new and effective banking trojan , targeting online banking users and designed to beat the mobile multi-factor authentication systems. Hesperbot detected as Win32/Spy.Hesperbot is very identical to the infamous Zeus and SpyEye Banking Malwares and infects users in Turkey, the Czech Republic, Portugal, and the United Kingdom. Trojan has functionalities such as keystroke logging , creation of screenshots and video capture, and setting up a remote proxy. The attackers aim to obtain login credentials giving them access to the victim's bank account and getting them to install a mobile component of the malware on their Symbian, Blackberry or Android phone. Some other advanced tricks are also included in this banking Trojan, such as creating a hidden VNC server on the infected system and can do network traffic interception with HTML injection capabilities. So far, the Trojan hasn't spread too far. The campaign was first detec
New ZeuS Malware spreading automatically via USB Flash Drives

New ZeuS Malware spreading automatically via USB Flash Drives

June 11, 2013Mohit Kumar
The notorious Zeus Trojan , a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances. Trend Micro experts spotted another new variant of  ZBOT Malware which is capable of spreading  itself automatically via USB Flash Drives or removable drives. According to report , this particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document and when user opens this file using Adobe Reader, it triggers an exploit . Malware also has an auto update module, so that it can download and run an updated copy of itself. To self propagate, it creates a hidden folder with a copy of itself inside the USB drive with a shortcut pointing to the hidden ZBOT copy. Another variant of ZeuS #Malware spotted, with new feature of spreading itself automati
Algerian Hacker linked to SpyEye virus extradited to US

Algerian Hacker linked to SpyEye virus extradited to US

May 04, 2013Mohit Kumar
The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years. A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems. A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers. Hamza Bendelladj , also known as
Fraud-as-a-Service of Zeus Malware advertised on social network

Fraud-as-a-Service of Zeus Malware advertised on social network

April 28, 2013Anonymous
Cyber crime enterprise is showing a growing interest in monetization of botnets , the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus . Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market. Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks. The model described, known also as a Fraud-as-a-Service , is winning, malicious code such as Zeus, SpyEye , Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation. Since now the sales model and the actor invol
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.