Several Russian financial services and banks targeted

Jul 6, 2010 07:08 GMT  ·  By

Security researchers have come across a new ZBOT sample which targets several online banking systems in Russia. The variant was generated with a very old version of the ZeuS toolkit.

ZeuS is one of the most widespread and actively developed crimeware toolkits. The program is so popular because it makes it easy for even attackers with limited technical expertise to generate their own custom trojans, along with the associated Command and Control (C&C) server.

The malware generated by the ZeuS toolkit is usually referred to as ZBOT (ZeuS Bot), because it acts as a botnet client receiving instructions from a server. ZBOT is a computer trojan with information-stealing capabilities.

The new sample was discovered by Trend Micro and according to the antivirus vendor, it targets various Russian banks. "This is the first time I’ve seen ZeuS target Russian banks given that online banking is not so popular in Russia. I can recall a few ZeuS/ZBOT samples targeting Yandex services, but I definitely can’t recall anyone targeting MDM Bank or other online Russian banking systems," Loucif Kharouni, threats analyst at Trend, writes.

The targeted online banking systems include osmp.ru, mylk.ru, telebank.ru, bank24.ru, citibank.ru, e-port.ru, mdmbank.ru, rbkmoney.ru, webmoney.ru and yandex.ru. However, the variant also steals login credentials from the customers of banks in countries such as Germany, the United States, the United Kingdom, Poland, the Netherlands, Italy, Spain, France, Belarus, Bulgaria, Australia, Ireland, the United Arab Emirates, Turkey and New Zealand.

According to Kharouni, this ZBOT sample was generated with a very old version of the toolkit. This means that it is probably only capable of capturing data and not of injecting rogue fields into login forms. It almost certainly lacks the advanced fraud-enabling capabilities of the latest variants, which allow attackers to initiate money transfers remotely and hide them from the victim inside the online banking session.

You can follow the editor on Twitter @lconstantin