The infamous ZeuS Malware has been causing financial theft all across the globe. More disturbing is the way the virus has been able to bypass Microsoft detection check–points.
The ZeuS malware was just reported to be back and very much alive by The Inquisitr. Evidently, the virus had found a new home in Social Media portal Facebook. ZeuS is quite known to patiently wait for its next victim and strike when least suspected. The irony is the fact that despite being over 6 years old, the malware is still very potent and continues to evade detection. In its current avatar, the virus is said to be taking advantage of Facebook’s underlying structure to infect millions of computers not just in the United States, but across the globe.
The most devastating aspect of the sophisticated piece of code is that the malware creators and developers have managed to compile the same using legitimate Signing Certificate. ZeuS is able to evade detection at multiple check–points because it masquerades as a Microsoft certified program.
The creators or various iterations of ZeuS were able to lay their hands on a legitimate signing certificate of a Microsoft–registered developer, reports CSO Online. Once the legitimate certificate was obtained, the developers had to simply cryptographically sign the malware’s executable.
The Windows operating system and antivirus tools check the validity of a program’s digital signature before trusting it. An invalid signature is the first sign that the code has been tampered with and hence security protocols can halt the code and block the same before it can do any harm. By generating a valid signature for the ZeuS Trojan, hackers could dress the infectious software as a legit application.
Using the genuine certificate the bank-account-raiding ZeuS Trojan is masquerading as a legit Windows app, reports The Register. The malware is easily able to burrow deep into the victim’s PC, because the signature being valid, the app isn’t restricted by Windows security protocols. Researchers at SSL-certificate flogger Comodo managed to detect 200 installs of this latest ZeuS variant. They used telemetry collected from users of its own security software.
ZeuS, also known as Zbot is typically distributed by planting malicious code on legitimate websites, that exploit browser bugs to install the nasty piece of code. Instances of using email phishing attacks, by tricking netizens into running attachments has also been recorded.
Attacks which are after gaining financially sensitive information can be curtailed in their mayhem by switching on the two stage login process that sends a SMS verification code to the registered mobile user.
[Image Credit | American Living Today]