Trojan Invisible to AV
Monday, June 8, 2015 @ 12:06 PM gHale
Over the years, technology has evolved to create a cloaking device that enables something to appear invisible.
The same thing holds true for a version of the Zeus banking Trojan: researchers found some of the malware appears invisible to antivirus.
Zeus has been around since 2007 and helped in the creation of Gameover Zeus (GoZ), which captures banking information and also helps send out CryptoLocker ransomware.
The latest version of Zeus is going out via the Neutrino exploit kit, a web-based attack tool that leverages unpatched versions of the Flash Player browser plugin to funnel in a malicious payload, said Stephen Ramage from PricewaterhouseCoopers, who discovered the malware.
The researcher learned the sample was a variant of Zeus by running it through the analysis platform at Malwr.com, which showed that it created mutexes matching the banking Trojan.
Uploading the sample to VirusTotal showed none of the antivirus products in the collection could identify the piece of malware.
Ramage’s research also found that the check-in response from Neutrino includes base64-encoded data pointing to a domain (sells-store[.]com) registered on June 1, indicating the malicious campaign is new.
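The triage step described above can be sketched for a captured response body; this is an added example, not code from the article or from the researcher. The response layout, the domain `newly-registered.example`, the dates and the WHOIS table are all constructed for illustration, and the function names are hypothetical.

```python
import base64
import re
from datetime import date

# Candidate base64 tokens: long runs of the base64 alphabet, optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
HOST = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)


def decoded_hosts(body):
    """Return hostnames found inside base64 runs of a response body."""
    hosts = set()
    for run in B64_RUN.findall(body):
        core = run.rstrip("=")
        try:
            raw = base64.b64decode(core + "=" * (-len(core) % 4), validate=True)
        except ValueError:
            continue  # not valid base64 after all
        # Ordinary long tokens also match the regex; keep printable output only.
        if not raw or any(b < 32 or b > 126 for b in raw):
            continue
        hosts.update(h.lower() for h in HOST.findall(raw.decode("ascii")))
    return hosts


def flag_new(hosts, registered, seen, max_age_days=14):
    """Return (defanged host, age in days) for recently registered domains.

    `registered` maps host -> registration date, as an analyst would fill in
    from WHOIS; hosts with no known date are not flagged.
    """
    flagged = []
    for host in sorted(hosts):
        reg = registered.get(host)
        if reg is not None and 0 <= (seen - reg).days <= max_age_days:
            flagged.append((host.replace(".", "[.]"), (seen - reg).days))
    return flagged


# Constructed sample: one encoded URL plus a padding field that decodes to
# non-printable bytes and must be ignored.
SAMPLE_BODY = (
    "status=ok&cfg="
    + base64.b64encode(b"http://newly-registered.example/gate").decode()
    + "&pad=" + "A" * 24
)
SAMPLE_WHOIS = {"newly-registered.example": date(2015, 6, 1)}  # constructed

if __name__ == "__main__":
    print(flag_new(decoded_hosts(SAMPLE_BODY), SAMPLE_WHOIS, date(2015, 6, 8)))
```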