
Hackers spreading Zbot malware using cat and sunset pictures

03 Mar 2014
Hackers are issuing commands to machines infected with the Zbot malware using popular images of sunsets and cats, according to security firm Trend Micro.

Trend Micro threat response engineer Jennifer Gumban reported the hack campaign in a blog post, warning it is targeting several European bank customers. "We encountered an image of a sunset, but other security researchers reported encountering a cat image," read the post.

"Using steganography, a list of banks and financial institutions that will be monitored is hidden inside the image. The list includes institutions from across the globe, particularly in Europe and the Middle East."

The images can spread in a variety of ways. They can be shared as standalone malicious files that send out commands to infected machines, or inserted into web pages and set to automatically target visitors to the site.
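
One check a defender can run on image files that content scanners would otherwise skip, as an added example (not code from Trend Micro or the article). The article does not say how the list is embedded, so the code assumes the simplest hiding method, data appended after the JPEG end-of-image marker; the function names and sample bytes are constructed for illustration.

```python
import struct

# Markers with no length field: TEM, SOI, EOI and RST0-RST7.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def trailing_bytes(data: bytes) -> int:
    """Walk the JPEG segment structure and return the byte count after EOI.

    Searching for FF D9 directly is unreliable because the same two bytes
    can occur inside metadata segments (for example an embedded thumbnail).
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    i = 2
    while i < len(data):
        if data[i] != 0xFF:
            raise ValueError(f"expected a marker at offset {i}")
        while i < len(data) and data[i] == 0xFF:  # skip fill bytes
            i += 1
        if i >= len(data):
            break
        marker = data[i]
        i += 1
        if marker == 0xD9:                        # EOI: the image ends here
            return len(data) - i
        if marker in STANDALONE:
            continue
        if i + 2 > len(data):
            break
        (seglen,) = struct.unpack(">H", data[i:i + 2])
        if seglen < 2:
            raise ValueError(f"bad segment length at offset {i}")
        i += seglen
        if marker == 0xDA:                        # SOS: entropy-coded data follows
            # FF 00 is a stuffed data byte and FF D0..D7 are restart markers;
            # any other FF xx pair ends the scan.
            while i + 1 < len(data):
                if data[i] == 0xFF and data[i + 1] != 0x00 \
                        and not 0xD0 <= data[i + 1] <= 0xD7:
                    break
                i += 1
    raise ValueError("truncated JPEG: no EOI marker found")

def sample_jpeg() -> bytes:
    """Constructed, structurally valid (not decodable) JPEG stream."""
    app1 = b"\xff\xe1" + struct.pack(">H", 6) + b"\x00\xff\xd9\x00"  # decoy FF D9
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"        # stuffed byte and an RST0
    return b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9"
```

A non-zero result is a lead for closer inspection rather than a verdict, since some cameras and editing tools also write data after the end-of-image marker.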

Trend Micro vice president of security research Rik Ferguson told V3 that by hiding the malware's configuration files in this way, the hackers could bypass many traditional security features.

"There are a couple of good reasons for delivering them in this format; first the file itself is often excluded from scanning by traditional security solutions, obviously to the naked eye they look entirely innocent and also to network monitoring software," he said.

Gumban said the campaign is atypical as it targets systems infected with the financially focused Zbot malware.

"This particular attack has another unusual routine: it downloads onto the system other malware, namely TROJ_FOIDAN.AX. This Trojan removes the X-Frames-Options HTTP header from sites the user visits, allowing websites to be displayed inside a frame," the post continued.

"Zbot has not traditionally been linked to clickjacking in the past. However, it has been linked to other threats, such as ransomware and file infectors."

Zbot is an old version of the notorious Zeus Trojan and is designed to steal financial information from its victims. The Zbot malware was thought to be close to extinct, as criminals had upgraded their campaigns to run using newer versions of Zeus, until May 2013, when Trend Micro researchers detected a resurgence in its use.

Ferguson said the discovery of the new Zbot attack is troubling as it shows common cyber criminals are beginning to learn from more advanced hack campaigns.

"The most concerning aspect is that this is a real illustration that targeted attack expertise is already 'filtering down' and becoming a commoditised playbook for traditional cybercrime."

The Zbot campaign comes during a turbulent time within the cybercrime community. Researchers from security firm FireEye reported in February that hackers are dropping financially focused malware, such as Zbot, in favour of more dangerous remote access Trojans (RATs).

Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
