THE INTERNET IS FOR EVERYONE
I wanted my one hundredth blog post to be something special... So I planned in two ways:
1. I have always been following posts and tweets about how Stuxnet and Zeus work, and so I want to keep this post related to the latest version of the bank-stealer - ZEUS, which turned 64-bit today (rather, the 64-bit version was discovered by Kaspersky today; not sure how long it's been that way, though)
2. This blog post is written on 11.12.13 :o)
Zeus is a Trojan horse malware that steals banking information through man-in-the-browser keystroke logging and form grabbing. Zeus is spread mainly through Facebook, drive-by downloads from torrent sites and phishing schemes. ...
Check out how many computers have been infected to date at http://en.wikipedia.org/wiki/Zeus_malware
How does it spread:
1. Through Facebook, if you've accepted "unknown" friend requests...
2. Downloading torrents (can be PDFs, songs, movies [any type], documents etc)
3. Clicking on links within emails (doc, jpg etc)
4. Using unknown USB sticks and/or external hard drives
5. Other means which connect Windows machines
Since it's polymorphic (uses stealth techniques), no antivirus has been able to detect it... We know about its existence because the Kaspersky AV company was able to dissect Zeus in their lab and document how it works...
Now for the bad news:
Zeus is now 64-bit, which means its capabilities have vastly increased... You can get more details here: http://www.securelist.com/en/blog/208214171/The_inevitable_move_64_...
Some of the main features incorporated within the new version are:
1. More stealth
2. Can bypass Tor - the anonymous proxy - so even if we are behind Tor or using Tor Onion for firewalling and proxying, we are still susceptible
3. Persistence increased - so even if you remove Zeus manually using the tools available, it may still be hidden within OS files
4. Can work as a spammer and send emails, chat messages, wall posts, blogs etc from your machine, as you, to others
5. It may also infect machines disguised as an OS update!! (this is yet to be confirmed by MS and Kaspersky)
6. And some more yet to be determined...
So far it is not able to infect Linux and OS X; only Windows machines are vulnerable.
Please ensure you don't visit malicious-looking websites, and if you really want to, use a Linux/Mac box :0)
That's it for now...
Hope to be back soon after the holidays... Have a wonderful X'Mas and a fantastic 2014!!
Can we hack you before the hackers do?