
New Banking Trojan Discovered Targeting Businesses' Financial Accounts


6 replies to this topic

#1 techextreme


Posted 10 February 2010 - 10:42 AM

Bugat Trojan spread via the Zbot/Zeus botnet, say SecureWorks researchers

Link to Story here.
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca



#2 Layback Bear


Posted 11 February 2010 - 08:11 PM

Thank you techextreme. I have read the site you posted and I hope my bank has.

#3 steven


Posted 18 February 2010 - 11:08 PM

I read the link too. Scary stuff.
I wish they would have said which AV scanners detected this infection.

#4 Layback Bear


Posted 19 February 2010 - 06:21 AM

Like steven, I would like to know which A/V are updated to take care of this new problem.
Thanks again, techextreme; keep us posted.

#5 techextreme


Posted 19 February 2010 - 08:18 AM

I found a few more interesting things about Zbot/Zeus.

This list from Malwarehelp.org has some known names of Zbot/Zeus.

Variant 1

* C:\WINDOWS\system32\ntos.exe
* C:\WINDOWS\system32\wsnpoem\audio.dll
* C:\WINDOWS\system32\wsnpoem\video.dll

Variant 2

* C:\WINDOWS\system32\oembios.exe
* C:\WINDOWS\system32\sysproc64\sysproc86.sys
* C:\WINDOWS\system32\sysproc64\sysproc32.sys

Variant 3

* C:\WINDOWS\system32\twext.exe
* C:\WINDOWS\system32\twain_32\local.ds
* C:\WINDOWS\system32\twain_32\user.ds

Variant 4

* C:\WINDOWS\system32\sdra64.exe
* C:\WINDOWS\system32\lowsec\local.ds
* C:\WINDOWS\system32\lowsec\user.ds

I did a search on ThreatExpert.com and prevx.com.

I myself use Eset Antivirus, so I checked with Eset to see if it was in their list of known infections. This is the information I found. I also found that Eset's Virus Signature Database v.4879 has multiple listings of Zbot.

Hope this helps,
Techextreme

"Admire those who attempt great things, even though they fail."

-- Seneca
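
Added example, not part of the original thread: a small Python triage helper that compares a saved file listing against the four file sets quoted in the post above and reports which variant's files appear, and whether the set is complete or partial. The function names and the sample listing are constructed for illustration; the listing is assumed to be full paths, one per line, and to include hidden and system files.

```python
import ntpath

# File names from the list quoted in the post above, relative to system32.
ZBOT_VARIANTS = {
    "Variant 1": ["ntos.exe", r"wsnpoem\audio.dll", r"wsnpoem\video.dll"],
    "Variant 2": ["oembios.exe", r"sysproc64\sysproc86.sys",
                  r"sysproc64\sysproc32.sys"],
    "Variant 3": ["twext.exe", r"twain_32\local.ds", r"twain_32\user.ds"],
    "Variant 4": ["sdra64.exe", r"lowsec\local.ds", r"lowsec\user.ds"],
}
SYSTEM32 = r"C:\WINDOWS\system32"


def normalise(path):
    """Windows paths are case-insensitive and accept either slash."""
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))


def match_listing(lines):
    """Return {variant: (found, missing)} for variants with at least one hit."""
    present = {normalise(line) for line in lines if line.strip()}
    report = {}
    for variant, names in ZBOT_VARIANTS.items():
        found = [n for n in names
                 if normalise(ntpath.join(SYSTEM32, n)) in present]
        if found:
            missing = [n for n in names if n not in found]
            report[variant] = (found, missing)
    return report


# Constructed sample input, e.g. the saved output of `dir /s /b /a`.
SAMPLE_LISTING = r"""
C:\WINDOWS\system32\notepad.exe
c:\windows\SYSTEM32\SDRA64.EXE
C:/WINDOWS/system32/lowsec/local.ds
C:\WINDOWS\system32\drivers\etc\hosts
""".splitlines()

if __name__ == "__main__":
    for variant, (found, missing) in match_listing(SAMPLE_LISTING).items():
        state = "complete set" if not missing else "partial set"
        print(f"{variant}: {state}; found {found}; not found {missing}")
```

A name match is a lead to confirm with a scanner rather than a verdict, and the table covers only the four variants listed in the post.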

#6 APEX_Predat0r


Posted 05 March 2010 - 04:41 PM

I have seen variant 4 of this trojan and was able to successfully remove it with Malwarebytes.

#7 Layback Bear


Posted 06 March 2010 - 11:46 AM

APEX_Predat0r, that is a bit of good news. Malwarebytes can find it and remove it.



