Son of Zeus can sneak past antivirus controls
The latest Trojan horse proves difficult to rein in.


Trend Micro has reported that a new variant of the Zeus Trojan is not detected by conventional antivirus applications. In fact, it has proved to be virtually undetectable.
Zeus has proved to be a persistent threat and was responsible for the recent 6 million theft from UK bank accounts by an international gang. This latest evolution of the Trojan means more financial misery could follow, with computer users unaware that their PCs have been involved.
The latest variant has been given the typically ungainly name TSPY_ZBOT.BYZ. It has avoided detection by importing a large number of application programming interfaces (APIs), which makes it difficult to tell where it will strike.
The new Zeus is also compressed differently from its predecessors, which foils detection systems based on calculable entropy. Entropy analysis is used to find where in the malicious code certain trigger routines might be hidden; the change in compression has allowed the Trojan to fool the heuristic detection built into antivirus products.
In addition to these features, analysing the virus has proved difficult for the numerous labs that develop countermeasures. Normally, a virus is isolated in a sandbox, an isolated environment, to see how the code executes, what system changes it makes and what network traffic it generates. Zeus simply refused to play in a sandbox, Trend Micro claimed.
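As an added illustration of the entropy heuristic the article describes (example code written for this page, not Trend Micro's or the article's own), the following Python computes per-window Shannon entropy over a constructed sample image and shows why a variant that packs its payload into a lower-entropy layout slips beneath a fixed threshold. The sample image, the 512-byte window and the 7 bits/byte threshold are all assumptions made for the example.

```python
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte: 0.0 for empty or constant
    input, 8.0 when all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan_entropy(image: bytes, window: int = 512, threshold: float = 7.0):
    """Walk `image` in fixed windows and return (offset, entropy) for each
    window at or above `threshold`. Ordinary code and strings sit well below
    7 bits/byte; compressed or encrypted data sits close to 8, so a hit marks
    a region an unpacking heuristic would inspect more closely."""
    hits = []
    for off in range(0, len(image) - window + 1, window):
        e = shannon_entropy(image[off:off + window])
        if e >= threshold:
            hits.append((off, round(e, 2)))
    return hits


# --- constructed sample "binary image" (not a real file) ---------------------
# 512 bytes of repetitive, code-like text; 512 bytes standing in for a
# compressed payload (every byte value appears exactly twice); 512 zero bytes.
CODE = (b"push ebp; mov ebp, esp; " * 22)[:512]
PACKED = bytes(range(256)) * 2
PADDING = b"\x00" * 512
IMAGE = CODE + PACKED + PADDING

# The same payload written out as hex characters: an alphabet of 16 symbols
# caps the entropy at 4 bits/byte, so the packed region is no longer flagged
# and the scanner must rely on other signals (imports, behaviour, unpacking).
IMAGE_LOW_ENTROPY = CODE + PACKED.hex().encode("ascii") + PADDING

if __name__ == "__main__":
    print("plain packing :", scan_entropy(IMAGE))              # [(512, 8.0)]
    print("re-encoded    :", scan_entropy(IMAGE_LOW_ENTROPY))  # []
```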
Since the appearance of Zeus.BYZ, another variant, Zeus.SMEQ, has been found and, given the difficulty in detection, there may have been more added to the family.
Trend's experts, along with all the other antivirus companies, have been working on a detection process.
Julius Dizon, research engineer at Trend Micro, concluded: "To properly guard against this threat, conventional antivirus is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users."
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.