ID: IRCNE2011081228
Date: 2011-08-24
According to “TechWorld”, researchers have uncovered evidence that the infamous Zeus login-stealing Trojan has been blended with the Ramnit worm to create hybrid malware that can attack online bank accounts while spreading across networks.
Security company Trusteer said it recently discovered a mutant version of Ramnit that appeared to be using a man-in-the-browser (MitB) web injection module to trick bank customers into handing over their logins details, a technique straight out of the Zeus (aka 'SpyEye') design book.
The company has not yet established that the malware’s source code was definitely from Zeus, but is confident that there was now enough circumstantial evidence to suggest that it was.
The Zeus source code is believed to have become widely available in criminal circles in May after a leak of unconfirmed origin so security watchers have been on the lookout for new malware incorporating some of its most powerful and often very specific features.
Ramnit itself is an unremarkable worm so why criminals might want to combine it with Zeus is open to speculation. “Zeus does not have its own propagation mechanism,” said Trusteer’s CTO, Amit Klein. “The author might be going after networks,” he explained, noting that the hybrid malware had the ability to spread the Zeus data stealing across network shares, a potentially powerful new ability.
- 2