Security Experts:

Zeus Malware Staging a Massive Comeback, Says Trend Micro

Security firm Trend Micro has observed a massive spike in attempted malware infections coming from the Zeus family of Trojans. This spike, the company says, further affirms their warnings from their 2013 predictions that what was old will once again become new.

In January, the Zeus family was virtually non-existent, thanks largely to Microsoft’s campaign to eradicate the Trojan from the Web. The software giant led the charge by seizing command and control servers in March of 2012, essentially crippling key components of the malware’s infrastructure. Despite that, the criminals who controlled Zeus kept producing – but failed to establish the hold the malware family once had on the Internet as a whole.

However, in February of this year, Trend Micro says that Zeus returned in force. New variants surged early on that month, and the number of new infection attempts continued an upward trend for the remainder of the monitoring period, which ended May 7. The malware itself maintains the same core functions, designed to steal information and credentials (finance-based data for example; such as banking usernames and passwords), but new variants are also altering the Windows HOST file in order to keep a stronger hold on the victim’s system.

“These ZBOT versions modify the Windows hosts file to prevent users from accessing security-related websites,” Trend says in a blog post.

“...old threats like ZBOT can always make a comeback because cybercriminals profit from these. Peddling stolen banking and other personal information from users is a lucrative business in the underground market. Plus, these crooks can use your login credentials to initiate transactions in your account without your consent. Thus, it is important to be careful in opening email messages or clicking links. Bookmark trusted sites and avoid visiting unknown ones.”

Additional details on the research from Trend Micro are available online

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.