Zeus continues to strike online bank accounts and users, and technology designed to thwart these Trojan attacks continually fails to keep up. Symantec recently came across a new Zeus file targeting five major banks in Japan.
The malware, which has caused serious problems to banking customers in Europe and the U.S, now having maximum concentration on Japanese banks. Target information was reveled by Symantec after decryption of configuration file from new sample. The attacker uses Blackhole exploit kit in order to install Zeus.
Zeus, a financially aimed malware, comes in many different forms and flavors. It can be tweaked to hijack personal PCs, or come in the form of a keylogger that tracks keystrokes as users enter them.
But once installation over, Zeus malware aims to steal online-banking credentials, and phishing schemes and drive-by downloads are most often the avenues hackers use to spread this increasingly sophisticated and evolving Trojan.
In this case, the functionality is the same as that of other Zeus variants. Once infected, Zeus monitors the Web browser visiting the targeted banks and injects HTML code that displays a message in Japanese that states in English: "In order to provide a better service to our customers, we are updating our personal internet banking system. Please re-enter the information that you provided when you first registered.".
Zeus gained notoriety in 2006 as being the tool of choice for criminals stealing online banking credentials. If your are one of the victim of Zeus, we recommend that you change your passwords for your online accounts and if you have used your credit card while Zeus Trojan was on your computer, contact the bank and let them know that you might be be victim of a phishing attack.