Virus Spreads Zeus Trojan

Tuesday, February 4, 2014 @ 09:02 AM gHale

A virus is seeing use to help spread the Zeus Trojan, researchers said.

The Patnote (Pioneer) virus is helping spread the Zeus (Zbot). So, when the Patnote file infector ends up launched by a victim, it appends its code to all executable files, including ones on removable and network drives, said researchers from Trend Micro.

Java Bot Attacks Any OS
Trojan Slowed, but not Gone
Trojan Remains a Danger After Deleted
Fake Ads on the Attack

This code is then able to drop and execute the embedded Zeus version (TSPY_ZBOT.PNR) into the “User Temp” folder, and infect other executables.

The ability for the Patnote virus to spread across multiple systems makes the threat more difficult to remove. It also allows ZeuS to infect networks with restricted Web access.

Another fine design touch is the Patnote virus employs mechanisms that prevent researchers from analyzing it. Part of its design forces it to stop working if it detects analysis tools such as StudPDE, ProcDump, OllyDbg or WinHex.

As always users need to remain vigilant by not clicking on suspicious links, and always keeping antivirus software updated, among other defense in depth measures.

Leave a Reply

You must be logged in to post a comment.