Two Trojans Collaborate in Attack

Friday, November 15, 2013 @ 06:11 PM gHale

Collaboration is the name of the game in the manufacturing automation environment, but it also works for attackers: there is now a malware collaboration involving the Zeus banking Trojan and a new variant of the password-stealing Sinowal Trojan.

The attack starts with an email carrying an attachment. Inside is the Andromeda backdoor which, among other things, also functions as a dropper. Once it is downloaded and run, it drops variants of the two Trojans on the computer, said researchers at Trend Micro.

Zeus is well-known for its Man-in-the-Browser attacks, and this Sinowal variant aims to make its job easier by attempting to disable Trusteer’s Rapport software if present on the computer.

“Rapport is software that protects users from phishing and man-in-the-browser attacks. It is frequently provided to users by their banks to improve their security,” the Trend Micro researchers said. “If the attacker succeeded in disabling Rapport, users would be more vulnerable to man-in-the-browser attacks, which are frequently used by banking malware.”

According to Trusteer researchers, this new Sinowal variant is ineffective, but this example shows how attackers are always on the lookout for new schemes and approaches.
