Trojan Invisible to AV

Monday, June 8, 2015 @ 12:06 PM gHale

Over the years, technology has evolved to create a cloaking device that enables something to appear invisible.

The same thing holds true for a version of the Zeus banking Trojan. That is because researchers found some of the malware appears invisible to antivirus.


Zeus has been around since 2007 and helped in the creation of Gameover Zeus (GoZ), which captures banking information and also helps send out CryptoLocker ransomware.

The latest version of Zeus is going out via the Neutrino exploit kit, a web-based attack tool that leverages unpatched versions of the Flash Player browser plugin to funnel in a malicious payload, said Stephen Ramage from PricewaterhouseCoopers, who discovered the malware.

The researcher learned the sample was a variant of Zeus by running it through the analysis platform at, which showed that it created mutexes matching the banking Trojan.

Uploading the sample to VirusTotal showed none of the antivirus products in the collection could identify the sample as malicious.

Ramage’s research also found that the check-in response from Neutrino includes base64-encoded data pointing to a domain (sells-store[.]com) registered on June 1, indicating the malicious campaign is new.
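For defenders triaging captured traffic, the following added example (not from the original article or from Ramage's research) decodes base64 runs found in a response body and lists any domains inside them in defanged form. The sample body, its field names and the URL layout are constructed assumptions; only the domain comes from the article.

```python
import base64
import binascii
import re

# Runs of base64 alphabet long enough to hold a hostname, with optional padding.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Conservative hostname pattern: dot-separated labels ending in an alphabetic TLD.
DOMAIN = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)


def decode_candidates(body):
    """Yield printable text decoded from base64-looking runs in a response body."""
    for match in B64_RUN.finditer(body):
        token = match.group(0)
        token += "=" * (-len(token) % 4)  # repair padding lost in logging
        try:
            raw = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 after all
        # Skip binary noise: require the decoded bytes to be mostly printable ASCII.
        if raw and sum(32 <= b < 127 for b in raw) / len(raw) >= 0.9:
            yield raw.decode("ascii", errors="ignore")


def extract_domains(body):
    """Return the defanged domains found inside base64 data in the body, sorted."""
    found = set()
    for text in decode_candidates(body):
        for dom in DOMAIN.findall(text):
            found.add(dom.lower().replace(".", "[.]"))
    return sorted(found)


# Constructed sample: the domain is the one named in the article, rebuilt from
# its defanged form; the "status"/"cfg"/"id" fields and URL shape are invented.
_URL = "http://" + "sells-store[.]com".replace("[.]", ".") + "/"
SAMPLE_BODY = "status=ok&cfg=" + base64.b64encode(_URL.encode()).decode() + "&id=7"

if __name__ == "__main__":
    for domain in extract_domains(SAMPLE_BODY):
        print(domain)
```

Domains recovered this way can then be checked against registration dates, since a domain registered only days earlier, as in this case, suggests a new campaign.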