Over 23,000 computers were infected in less than a month

Oct 23, 2013 20:01 GMT

Seculert researchers warn of the existence of a new version of Sazoora, a piece of malware that’s designed to steal information from infected computers.

Sazoora has been around since the summer of 2012. In May 2013, ESET analyzed the threat while monitoring a spyware campaign aimed at users from Slovakia. Now, Seculert has identified Sazoora.B, the second version of the malware.

This new variant is designed to more efficiently evade security solutions. The Trojan evades sandboxes by lying dormant for 15 minutes after it infects a device.

Once it becomes active, Sazoora.B starts communicating with its command and control (C&C) server.

In the first phase, the malware makes sure the C&C is owned by the attackers. It does this by asking the server to authenticate itself. This prevents others from hijacking the botnet.

During the month leading up to October 20, Seculert observed over 23,000 infections, most of which targeted computers in Australia (25%), Switzerland (22%), Belgium (9%) and the United States (8%).

Researchers have yet to determine if Sazoora is used to target specific organizations.