Zeus Trojan infected 2.5 thousands Corperate machine around the Globe

Over the past 1,5 year more than 75 thousands machine worldwide have been infected by Zeus Trojan this is according to NetWitnes Company, all these infected computers were used to thief Banking account, Social Networking and email passwords.

Among the victims we can find some of the major companies like Merck, Cardinal Health, Paramount Pictures and Juniper Networks. NetWitness informed that Cybercriminals might be from an Eastern European group countries and performed their activities over a server located in Germany, by spreading emails containing malicious software or redirecting victims to a malicious website.

The observed hacking activities do not stop here but researchers noted that on 26 January they found a 76 Gigabytes of data stolen by this Trojan, this data contains information about 68 thousand corporate logins as well as online Banking credential, Facebook , Yahoo and Hotmail.

Attackers According to NetWitness are still actively exploiting all vulnerabilities to spread their dangerous Malware in the globe and controlling remotely all these machines by using different ways like p2p-bots Waldec botnet.

ZeuS consists of two main parts:
1. Command control (panel) – a set of scripts, including the admin area that can be installed on the server.
2. Bot – Win32 victim side (Trojan).

The Main features of Zeus are:
1- Invisible in windows process list
2- Bypass most firewalls.
3- Works on the windows restricted accounts.
4- The main Bot are encrypted
5- Disable Windows Firewall, which provides access to incoming messages/ commands.
6- All settings including configuration ,logs and commands passes over encrypted HTTP form (HTTPS).
7- Separate configuration file are available that allows hackers to find them when they lose access to the Main server.
8- Configuration Backup file are available in case of losing the config.
9- The ability to work with any kind of Browser because the program is running through wininet.dll (Internet Explorer, Mozilla Firefox, AOL…)
10- Interception of all machine activities by including a keylogger.
11- Simple transparent URL-redirection to fake web sites (GET / POST-requests, etc.)
12- Get all SSL/TLS Certificate imported by the victim and send them to the server
13- POP3 and Ftp protocol grabber.
14- Search all Hard disk files and download a specific file as desired by the attacker.
15- Getting screenshot in real time.

As you can see it is very easy to gain access to any person sensitive information so it is important to keep your AV/System definitions up to date to ensure you have the best protection against new threats.

make sure you subscribe to my RSS feed!