
Hackers spreading Zbot malware using cat and sunset pictures

03 Mar 2014

Hackers are issuing commands to machines infected with the Zbot malware using popular images of sunsets and cats, according to security firm Trend Micro.

Trend Micro threat response engineer Jennifer Gumban reported the hack campaign in a blog post, warning it is targeting several European bank customers. "We encountered an image of a sunset, but other security researchers reported encountering a cat image," read the post.

"Using steganography, a list of banks and financial institutions that will be monitored is hidden inside the image. The list includes institutions from across the globe, particularly in Europe and the Middle East."

The images can spread in a variety of ways. They can be shared as standalone malicious files that send out commands to infected machines, or inserted into web pages and set to automatically target visitors to the site.

Trend Micro vice president of security research Rik Ferguson told V3 that by hiding the malware's configuration files in this way, the hackers could bypass many traditional security features.

"There are a couple of good reasons for delivering them in this format; first the file itself is often excluded from scanning by traditional security solutions, obviously to the naked eye they look entirely innocent and also to network monitoring software," he said.
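A defender-side check for one simple way of carrying data in an image: bytes appended after the JPEG end-of-image marker, which image viewers ignore. This is an added example, not code from Trend Micro or the article; the article does not say how the list is embedded, so the appended-data method, the function names and the sample bytes are assumptions.

```python
import math
from collections import Counter

def jpeg_trailing_data(data: bytes) -> bytes:
    """Walk the JPEG marker stream and return any bytes after end-of-image."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                      # EOI: the image ends here
            return data[pos + 2:]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:   # markers with no length
            pos += 2
            continue
        if pos + 4 > len(data):
            break
        pos += 2 + int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                # FF00 is a stuffed byte and FFD0-FFD7 are restart markers
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; values near 8 suggest encrypted or compressed data."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def inspect_image(data: bytes, min_trailer: int = 16) -> dict:
    """Flag images that carry a non-trivial payload after the image data."""
    trailer = jpeg_trailing_data(data)
    return {"trailing_bytes": len(trailer),
            "entropy": round(shannon_entropy(trailer), 2),
            "suspicious": len(trailer) >= min_trailer}

# Constructed sample: a minimal JPEG marker stream (not a viewable image).
CLEAN = (b"\xff\xd8" b"\xff\xe0\x00\x04\x4a\x46"      # SOI, APP0 segment
         b"\xff\xda\x00\x04\x01\x02"                  # SOS header
         b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9") # scan data, EOI
CARRIER = CLEAN + bytes(range(256))                   # constructed appended blob
```

The `min_trailer` threshold is a tunable assumption; some cameras and editors append small amounts of benign data, so treat a hit as a reason to inspect the file rather than a verdict.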

Gumban said the campaign is atypical as it targets systems infected with the financially focused Zbot malware.

"This particular attack has another unusual routine: it downloads onto the system other malware, namely TROJ_FOIDAN.AX. This Trojan removes the X-Frame-Options HTTP header from sites the user visits, allowing websites to be displayed inside a frame," the post continued.

"Zbot has not traditionally been linked to clickjacking in the past. However, it has been linked to other threats, such as ransomware and file infectors."

Zbot is an old version of the notorious Zeus Trojan and is designed to steal financial information from its victims. The Zbot malware was thought to be close to extinct as criminals had upgraded their campaigns to run using newer versions of Zeus until May 2013, when Trend Micro researchers detected a resurgence in its use.

Ferguson said the discovery of the new Zbot attack is troubling as it shows common cyber criminals are beginning to learn from more advanced hack campaigns.

"The most concerning aspect is that this is a real illustration that targeted attack expertise is already 'filtering down' and becoming a commoditised playbook for traditional cybercrime."

The Zbot campaign comes during a turbulent time within the cybercrime community. In February, researchers from security firm FireEye reported that hackers are dropping financially focused malware, such as Zbot, in favour of more dangerous remote access Trojans (RATs).

Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.
