My 100th blog post! Had to be something special - so here's to ZEUS!!!

Hi There,

I wanted my one hundredth blog post to be something special... So I planned it in two ways:

1. I have always been following posts and tweets about how Stuxnet and Zeus work, and so I want to keep this post related to the latest version of the bank-stealer, ZEUS, which turned 64-bit today (rather, the 64-bit version was discovered by Kaspersky today; I'm not sure how long it has been that way, though)

2. This blog post is written on 11.12.13 :o)

Zeus is a Trojan horse malware that steals banking information through man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through Facebook, drive-by downloads from torrent sites and phishing schemes. ...

Check out how many computers have been infected to date at http://en.wikipedia.org/wiki/Zeus_malware

How does it spread?

1. Through Facebook, if you've accepted "unknown" friend requests...

2. Downloading torrents (can be pdfs, songs, movies [any type], documents etc)

3. Clicking on links within emails (doc, jpg etc)

4. Using unknown USB sticks and/or external hard drives

5. Other means that connect Windows machines

Since it's polymorphic (it uses stealth techniques), no antivirus has been able to detect it... We know of its existence because the antivirus company Kaspersky was able to dissect Zeus in their lab and document how it works...

Now for the bad news:

Zeus is now 64-bit, which means its capabilities have vastly increased... You can get more details here: http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_...

Some of the main features incorporated within the new version are:

1. More stealth

2. Can bypass Tor, the anonymous proxy, so even if we are behind Tor or using Tor Onion for firewalling and proxying, we are still susceptible

3. Increased persistence: even if you remove Zeus manually using the available tools, it may still be hidden within OS files

4. Can act as a spammer, sending emails, chat messages, wall posts, blog posts, etc. from your machine, as you, to others

5. It may also infect a machine by posing as an OS update!! (this is yet to be confirmed by MS and Kaspersky)

6. And some more yet to be determined...

It is not able to infect Linux or OS X so far; only Windows machines are vulnerable

Please ensure you don't visit malicious-looking websites, and if you really must, use a Linux/Mac box :0)

That's it for now...

Hope to be back soon after the holidays... Have a wonderful X'Mas and a fantastic 2014!!

WTHack

Can we hack you before the hackers do?


Comment by pɐuɹɐʞ uɐɹıʞ on December 11, 2013 at 8:46pm

IPv6 Tunnel Broker
