By Ellen Messmer
March 11, 2010
New capabilities are strengthening the ZeuS botnet, which criminals use
to steal financial credentials and execute unauthorized transactions in
online banking, automated clearing house (ACH) networks and payroll
systems. The latest version of this cybercrime toolkit, which starts at
about $3,000, offers a $10,000 module that can let attackers completely
take control of a compromised PC.
ZeuS v.1.3.4.x (code changes are always underway by the author and
owner, who is believed to be one individual in Eastern Europe) has
integrated a powerful remote-control function into the botnet so that
the attacker can now "take complete control of the person's PC," says
Don Jackson, director of threat intelligence at SecureWorks, which
released an in-depth report on ZeuS this week.
This new ZeuS feature, which was picked up from an older public-domain
project from AT&T Bell Labs known as "Virtual Network Computing," gives
ZeuS the kind of remote-control capability that might be found in a
legitimate product like GoToMyPC, Jackson says. SecureWorks calls this a
"total presence proxy," and it is so useful to criminals that this one
VNC module for ZeuS alone costs $10,000.
The Windows-based ZeuS Trojan software, which takes up about 50,000
bytes on a compromised Windows-based computer, is designed to plunder
accounts in North American and United Kingdom banking systems via the
victim's computer. The criminal might be located a continent away,
directing unauthorized transfers of funds to accounts through elaborate