#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Zeus | Breaking Cybersecurity News | The Hacker News

Category — Zeus
New ZeuS Malware spreading automatically via USB Flash Drives

New ZeuS Malware spreading automatically via USB Flash Drives

Jun 11, 2013
The notorious Zeus Trojan , a family of banking malware known for stealing passwords and draining the accounts of its victims, has steadily increased in recent months. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances. Trend Micro experts spotted another new variant of  ZBOT Malware which is capable of spreading  itself automatically via USB Flash Drives or removable drives. According to report , this particular ZBOT variant arrives through a malicious PDF file disguised as a sales invoice document and when user opens this file using Adobe Reader, it triggers an exploit . Malware also has an auto update module, so that it can download and run an updated copy of itself. To self propagate, it creates a hidden folder with a copy of itself inside the USB drive with a shortcut pointing to the hidden ZBOT copy. Another variant of ZeuS #Malware spotted, with new feature of spread...
Algerian Hacker linked to SpyEye virus extradited to US

Algerian Hacker linked to SpyEye virus extradited to US

May 04, 2013
The Algerian hacker linked with the SpyEye computer virus, designed to steal financial and personal information was extradited by Thailand to the United States to face charges that he hijacked customer accounts at more than 200 banks and financial institutions and have been used to steal more than $100 million in the last five years. A SpyEye allowed cybercriminals to alter the display of Web pages in the victims' browsers as a way to trick them into turning over personal financial information. The virus only impacts PCs and not Macintosh operating systems. A report issued last year by security firms McAfee said that about a dozen cybercrime groups have been using variants of Zeus and SpyEye, which automate the process of transferring money from bank accounts. The stolen funds are transferred to prepaid debit cards or into accounts controlled by money mules, allowing the mules to withdraw the money and wire it to the attackers. Hamza Bendelladj ,...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
Fraud-as-a-Service of Zeus Malware advertised on social network

Fraud-as-a-Service of Zeus Malware advertised on social network

Apr 28, 2013
Cyber crime enterprise is showing a growing interest in monetization of botnets , the most targeted sector in recent months is banking. One of most active malware that still menaces Banking sector is the popular Zeus . Zeus is one of the oldest, it is active since 2007, and most prolific malware that changed over time according numerous demands of the black-market. Recently, Underground forums are exploded the offer of malicious codes, hacking services and bullet proof hosting to organize a large scale fraud. Cyber criminals are selling kits at reasonable prices or entire botnets for renting, sometimes completing the offer with information to use during the attacks. The model described, known also as a Fraud-as-a-Service , is winning, malicious code such as Zeus, SpyEye , Ice IX, or even Citadel have benefited of the same sales model, cyber criminals with few hundred dollars are able to design their criminal operation. Since now the sales model and the actor invol...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
What does the Poetry with Citadel trojan ?

What does the Poetry with Citadel trojan ?

Feb 23, 2013
Recently we published an article on the attacks against Japanese banks using a new variant of the popular Zeus , one of the most prolific malware of recent history, security experts in fact have detected various versions of the popular malicious code that hit also mobile and social networking platforms . Due its flexibility the malware has been re-engineered several times by cyber criminals that adapted its structure to specific purposes and context, leaving unchanged its core capabilities of stealing banking credentials of victims. Zeus has been a huge success in the criminal circles especially for the sales model, as malware as service, implemented by its authors on many underground sites, let's remind for example the Citadel Trojan one of the most popular on the crimeware market. Fortunately its author, known as Aquabox , has been banned from a large online forum that sells malware and other services to cyber criminals, but many security firms consider Citadel Trojan still very ...
Arrested 'Happy Hacker' is the ZeuS Botnet Mastermind

Arrested 'Happy Hacker' is the ZeuS Botnet Mastermind

Jan 11, 2013
Last week, Happy Hacker   arrested in Thailand on charges of stealing millions from online bank accounts. According to new reports same hacker alleged as ZeuS Mastermind and used to have the profile of a miscreant nicknamed " bx1 ," a hacker fingered by Microsoft before as a major operator of botnets powered by the ZeuS banking trojan .  He remained smiling throughout a press conference in which Thai police explained that Thailand will seek to extradite Mr Bendelladj to the US state of Georgia, where a court has issued a warrant for his arrest. 24-year-old Algerian Hacker , Hamza Bendelladj   arrested at a Bangkok airport enroute from Malaysia to Egypt. The ZeuS botnet is one of the most notorious in existence, and it's also one that has earned its masters some pretty massive payouts. The Email ID's  daniel.h.b@universityofsutton.com , and danieldelcore@hotmail.com  mentioned by Microsoft in a complaint submitted to the U.S. District Co...
Exploit Packs updated with New Java Zero-Day vulnerability

Exploit Packs updated with New Java Zero-Day vulnerability

Jan 10, 2013
A new Java 0-day vulnerability has been discovered, already wind in use by an exploit pack, taking advantage of a fresh zero-day vulnerability in Java and potentially letting hackers take over users' machines. Java 7 Update 10 and earlier contain an unspecified vulnerability that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The flaw was first spotted by 'Malware Don't Need Coffee' blog . This vulnerability is being attacked in the wild, and is reported to be incorporated into exploit kits. This exploit is already available in two Exploit Packs, that is available for $700 a quarter or $1,500 for a year. Similar tactics were used in CVE-2012-4681 , which was discovered last August. Source of this new Exploit available to download Here . The two most popular exploits packs used by hackers to distribute malware, the BlackHole Exploit Kit and the Cool Exploit Kit already having thi...
Under the hood of recent DDoS Attack on U.S. Banks

Under the hood of recent DDoS Attack on U.S. Banks

Jan 10, 2013
Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks. If you've been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going "Operation Ababil." As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world's largest financial institutions (PNC, HSBC and Fifth Third Bank). At On the eve of the attack, this website su...
5 Checks You Must Run To Ensure Your Network Is Secure

5 Checks You Must Run To Ensure Your Network Is Secure

Jan 10, 2013
Twenty-four hours a day, seven days a week, 365 days each year – it's happening. Whether you are awake or asleep, in a meeting or on vacation, they are out there probing your network, looking for a way in. A way to exploit you; a way to steal your data, a place to store illegal content, a website they can deface, or any of a hundred other ways to mess with you for the simple joy of it all. And they can do this with relative ease, even in an automated fashion, with simple tools that are readily available to all. I'm talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner. Network scanners perform automated tests of systems over the network. They don't require agents or any other software to be installed on the "target" ...
Outdated version of WordPress leads to MasterCard Hack

Outdated version of WordPress leads to MasterCard Hack

Jan 09, 2013
On tip of a readers, yesterday we came across a new MasterCard hack, performed by  Syrian Electronic Army . Hackers was able to breach MasterCard Blog ( https://insights.mastercard.com ) and make a new blog post on the website with title " Hacked By Syrian Electronic Army " on January 5, 2013. For now MasterCard deleted that post, but readers can check Google cache . Today we tried to contact the hacker, but may be they are busy in Hacking Next Target , I started my investigation that how they can hack such a big economic website's blog. Starting from very first step, Information gathering about your target. Simple by reviewing the source code we found that MasterCard blog is using Wordpress. We all know, WordPress is particular a popular attack vector for cyber criminals. To know this, I just tried to access the readme.html file of CMS , that's it - MasterCard #fail ! They are using an old  Wordpress 3.3.2  version, in...
Official Debian and Python Wiki Servers Compromised

Official Debian and Python Wiki Servers Compromised

Jan 09, 2013
Administration from Debian and Python project official websites confirmed that their WIKI servers were compromised by some unknown hackers recently. Hackers was able to hack because of several vulnerabilities in " moin " package. According to  Brian Curtin at Python Project , Hacker user some unknown remote code exploit on Python Wiki server (https://wiki.python.org/) and was able to get shell access. The shell was restricted to "moin" user permissions, where but no other services were affected. Attacker deleted all files owned by the "moin" user, including all instance data for both the Python and Jython wikis. Python Software Foundation encourages all wiki users to change their password on other sites if the same one is in use elsewhere. For now, Python Wiki is down and team is investigating more about breach. Where as in Debian Wiki (https://wiki.debian.org/) security breach, user use some known vulnerabilities Directory traversal...
Warm up your keyboard for Facebook Hacker Cup 2013

Warm up your keyboard for Facebook Hacker Cup 2013

Jan 09, 2013
Dear Hackers, Warm up your keyboards! Because Facebook open Registration for third Hacker Cup 2013, an annual worldwide programming competition where hackers compete against each other for fame, fortune, glory and a shot at the title of world champion, with $5,000 top prize. The qualification round begins on January 25th. So Participate and enhance your programming competency. The dates have been set for Facebook Hacker Cup 2013 Jan 7 — Jan 27 — Registration Jan 25 — Jan 27 — Online Qualification Round Feb 2 — Online Elimination Round 1 Feb 9 — Online Elimination Round 2 Feb 16 — Online Elimination Round 3 March 22 -23 — Onsite Finals at Facebook Registrations Page -  https://www.facebook.com/hackercup/register This is your chance to compete against the world's best programmers for awesome prizes and the title of World Champion.
Running Desktop Apps on Windows RT, The Hackers Way!

Running Desktop Apps on Windows RT, The Hackers Way!

Jan 08, 2013
A hacker claims to have found a method in the code integrity mechanism in Windows RT, that allow one to bypass security mechanism preventing unauthorized software running on ARM-powered Windows RT tablets. Lets see, How to Run traditional desktop apps on Windows RT in a Hackers  Way! A hacker called ' C. L. Rokr ' explain about the Windows RT exploit on his blog , which requires manipulating a part of Windows RT's system memory that governs whether unsigned apps can run. Windows RT is a special version of Microsoft Windows designed for lightweight PCs and tablets that are based on the ARM architecture, including Microsoft's Surface tablet.  Clrokr said Windows RT inherited a flaw from Windows 8 that makes the workaround possible. " Ironically, a vulnerability in the Windows kernel that has existed for some time and got ported to ARM just like the rest of Windows made this possible, ". Specifically, one needs to inject a blob of ARM code int...
Hacking Facebook Passwords like changing your own Password

Hacking Facebook Passwords like changing your own Password

Jan 08, 2013
Hacker found a way to hack and change your password like, just he used to change his own password. Confused ? Recently Facebook fix a very critical vulnerability on the tip of ' Sow Ching Shiong ' , an independent vulnerability researcher. Flaw allows anyone to reset the password of any Facebook user without knowing his last password. At Facebook, there is an option for compromised accounts at " https://www.facebook.com/hacked " , where Facebook ask one to change his password for further protection. This compromised account recovery page, will redirect you to another page at " https://www.facebook.com/checkpoint/checkpointme?f=[userid]&r=web_hacked " . Researcher notice that the URL of the page having a parameter called "f" which represents your user ID and replacing the user ID with victim's user ID allow him to get into next page where attacker can reset the password of victim without knowing his last password. The  Vulnera...
NASA 'Space your Face' domain hacked

NASA 'Space your Face' domain hacked

Jan 07, 2013
Another basic security loop-hole in NASA website lead to a Hack. This time hacker going by name " p0ison-r00t " deface a sub domain of NASA ( https://spaceyourface.nasa.gov/ ). The hacked sub domain running a web application using flash, that allow visitors to create some funny videos of Space using Faces. Hacker able to upload his text on the website, as shown in screenshot taken by ' The Hacker News '. We contact hacker to know more about the hack, on asking How ? Hacker said," I found a form on website, accepting file upload but without validating the extension, that allow me to upload a php shell on server ". Hacker also said that because of low privileges he was not able to modify any file, but was able to upload some text on the website, Check here . Mirror of hack also available on Zone-h .
SkypeHide to Send secret messages into silence of Skype Calls

SkypeHide to Send secret messages into silence of Skype Calls

Jan 07, 2013
Polish Researchers have discovered a clever way to send secret messages during a phone call on Skype. We know that, by default skype calls use 256-bit advanced encryption, but researchers find that is not enough. So they find out this new way to communicate messages more secretly by using silence. Mazurczyk, Maciej Karaś and Krzysztof Szczypiorski analysed Skype data traffic during calls and discovered that there is a way in Skype silence, where rather than sending no data between spoken words, Skype sends 70-bit-long data packets instead of the 130-bit ones that carry speech. So by taking advantage of this they hijacks these silence packets and then inject encrypted message data into some of them. The Skype receiver on other end will always simply ignores the secret-message data, but it can be decoded back to receive that secret message. Team decide to present this at Steganography conference  by creating a POC tool called SkypeHide that will be able to hi...
FBI wanted Algerian Hacker Arrested in Thailand

FBI wanted Algerian Hacker Arrested in Thailand

Jan 07, 2013
Thai police arrested an Algerian Hacker, wanted by the US Federal Bureau of Investigation for allegedly making millions from cybercrime.  Hamza Bendelladj , 24, was arrested late Sunday while attempting to transit through Bangkok's Suvarnabhumi Airport from Malaysia. Police confiscated from Bendelladj two laptops, one tablet computer, a satellite phone and a number of external hard drives, where satellite phone and notebook computer were his main tools, the commissioner said. Bendelladj graduated in computer sciences from Algeria in 2008, has allegedly hacked private accounts in 217 banks and financial companies worldwide. " With just one transaction he could earn 10 to 20 million dollars ," Lt Gen Phanu said. " He's been travelling the world flying first class and living a life of luxury. " Bendelladj will be extradited to the U.S. state of Georgia, where a district court has issued an arrest warrant. " I'm not in the top 10, maybe just...
Password reset Vulnerability in Facebook Employees Secure Files Transfer service

Password reset Vulnerability in Facebook Employees Secure Files Transfer service

Jan 07, 2013
Many be many of you are not aware about this, but Facebook having a Secure Files Transfer service for their Employees at https://files.fb.com  and Hacker reported a very critical password reset vulnerability. Nir Goldshlager , a researcher told ' The Hacker News ' that how he defeat Facebook 's Secure Files Transfer service and help Facebook by reporting them about this issue in a responsible non-disclosure way till patch. After analyzing the site, he found that the script Facebook is using is actually " Accellion Secure File Sharing Service " script and so next he download the demo version of service from Accellion website and explore the source codes and file locations. He found that, there is a user registration page also available in source, that was also on files.fb.com. Unfortunately Facebook had removed the Sign up option (link) from homepage, but forget to remove the registration page from its actual location i.e (/courier...
Latest Internet Explorer zero-day linked to Elderwood Project

Latest Internet Explorer zero-day linked to Elderwood Project

Jan 06, 2013
Last week we have seen ongoing attacks was exploiting a vulnerability in Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 that came to light after the Council on Foreign Relations website was hacked and was hosting the code. Symantec has linked exploits to the group responsible for a spate of recent espionage attacks Dubbed the " Elderwood Project ". In May 2012, Amnesty International's Hong Kong website was compromised & used to serve up a malicious SWF file that exploited CVE-2012-1875, a vulnerability affecting Internet Explorer. A few months later in Sep 2012, the same group behind that attack was responsible for using another IE zero-day CVE-2012-4969. Microsoft issued a temporary Fix-it patch for the vulnerability but now researchers are claiming that they have bypassed the patch and were able to compromise a fully patched system. Name comes from a source code variable used by the attackers. In the past, the group has used a mix o...
Indian Government Wiretapping and started BlackBerry interception

Indian Government Wiretapping and started BlackBerry interception

Jan 05, 2013
According to a report, All major Indian telecom companies, including Bharti Airtel, Vodafone India and Tata Tele services, have agreed to share real-time interception of BlackBerry calls and data services on their networks with Security agencies to meet the December 31 deadline fixed by the Indian government . Research In Motion (RIM), the manufacturer of BlackBerry, has been directed to provide the resolution and web-browsing needs of the BlackBerry Internet Services. This is to be done in discussion with concerned service providers and law interception organisations. Earlier in 2011, the government set the deadline for RIM to come up with facilities for interception, or face closure of their operations in India. The security agencies in the country have been trying to get the company to install local servers so they could access and monitor the stream of messages going back and forth to implement better security in the country. The Ministry for Home Affairs ordere...
Zero-Day Vulnerability in Symantec PGP Whole Disk Encryption

Zero-Day Vulnerability in Symantec PGP Whole Disk Encryption

Jan 05, 2013
Symantec product PGP Whole Disk Encryption which is used to encrypt all the contents on the disk on a block-by-block basis having Zero-Day Vulnerability, according to a pastebin note . Note was posted on 25th Dec by Nikita Tarakanov , claiming that  pgpwded.sys kernel driver distributed with Symantec PGP Desktop contains an arbitrary memory overwrite vulnerability. Affected version of software is Symantec PGP Desktop 10.2.0 Build 2599 (up-to date). Through a blog post , Symantec confirmed that its a potential issue, but it cannot easily be exploited. Vulnerability is limited to systems running Windows XP and Windows 2003 only. An attacker would need local access to a vulnerable computer to exploit this vulnerability. Note posted by Nikita also provide technical details on the issue, that help Symantec encryption engineering team to understand the issue. " However, the exploit would be very difficult to trigger as it r...
Expert Insights / Articles Videos
Cybersecurity Resources