Newer, More Secure Trojan Found

Wednesday, July 9, 2014 @ 09:07 AM gHale

A new version of the ZeuS Trojan is out there but in a lighter offering that has a more limited set of functions.

The new version named ZeuS Lite, relies only on TCP to communicate to the remote server and has the initial server list encrypted and hardcoded in the malware body, together with the packet cipher key, said researchers Fortinet.

Big Bank Haul in One Week
APT Alert: Two Airports Hacked
Trojan Evolves Changes Strategies
New Trojan Targets Banks, For Now

Encryption of the network data no longer carries out with the RC4 algorithm, as the authors implemented the more secure AES-128.

In addition, the authors implemented a second layer of encryption for incoming and outgoing communication, a simple byte-to-byte XOR algorithm, which they use at first. Then, the data ends up encoded once more using AES-128.

Another difference when compared to the original is the support for control over the infected machine, as the malware can perform commands for shutting down the system, rebooting it, executing external programs or scripts, or updating the malicious components.

“Even though it is shorter, this new version of Zeus is capable of performing sophisticated tasks that could cause great harm to the infected host,” said Kan Chen of Fortinet, adding the features it includes amount to increased flexibility, which allows downloading new malicious functions from the remote servers and executing them.

Click here for more information on the Trojan.

Leave a Reply

You must be logged in to post a comment.