Security experts recently found that hackers have discovered a new way to circumvent security software and steal online banking details, according to an article published on Network World. Malcovery Security, a security company based in Georgia, contacted security analysts after discovering that none of the 50 security programs on Google’s online virus scanning service VirusTotal were detecting or capturing Zeus, the notorious malicious software that has long been well known in the banking industry.
The article indicates that when Zeus successfully carries out an attack, it produces “an assortment of spam messages, which spoofed brands and organizations such as the payment processor ADP, the Better Business Bureau and the British tax authority HMRC.” According to the article, the spam message contains a “.zip” file which, if opened, launches UPATRE, a small application that leads to the download of a ‘.enc’ file. The article states that this file is then decrypted to produce “the GameOver Zeus, a variant of the notorious Zeus malware.”
The article notes that Zeus first came on the scene in 2006 and has been “a thorn in the side of banks” since that time. It goes on to report, per Dell’s SecureWorks unit, that the Zeus source code was “leaked in May 2011,” allowing hackers and cyber criminals to continually “make improvements” and “make its network more resilient.” In the article, Gary Warner, Malcovery’s chief technologist, is quoted as saying, “Security products are appearing to stumble on the ‘.enc’ file since it doesn’t end in ‘.exe’ which designates an executable program. Why? Well, because technically, it isn’t malware.”
Later in the report, Warner is also quoted as saying, “It is likely that many different criminals are paying to use this infrastructure.”