Self-Propagating Trojan Lives On

Tuesday, June 11, 2013 @ 03:06 PM gHale

In the cyber world Trojans usually live a short life and then new ones quickly replace them, but Zeus/Zbot continues moving forward with its variants continuing to perfect man in the middle (MitM) attacks, log keystrokes and grab information entered in online forms.

This Trojan usually spreads in exploit kits via drive-by-downloads, phishing schemes, and social media, however, Trend Micro researchers just found a variant that uses removable drives as another attack vector.

BIND 9 DoS Hole Patched
P2P Botnets Keep Growing
Global Cybercrime Botnet Breached
Reworked Trojans a Major Threat

In this case, the malware variant delivers via a malicious PDF file disguised as a sales invoice document.

Potential victims that attempt to open the file with Adobe Reader get a notice saying it cannot open because “use of extended features is no longer available.”

But in the background, the malware has already silently dropped onto the system and run.

It first contacts its C&C center to download an updated copy of itself (if there is one available), but immediately after it checks whether there are any removable drives connected to the computer, and if there are, it drops a copy of itself in a hidden folder, then creates a shortcut to it.

Leave a Reply

You must be logged in to post a comment.