ZBOT/Zeus makers mock AV companies

The ZBOT/Zeus banking Trojan has been a well-known fixture of the threat landscape these last years, and can thank its developers for the constant changes that keep it from getting spotted by new and improved AV software.

In a bid to demonstrate their superiority, the authors inserted a hidden message in a new variant of the Trojan in which they thank AV companies for the “new quests” and taunt them by saying they are stupid.

The tone of the message seems to imply that this is just a child’s play to them, whereas the companies work hard to keep up the pace. Also, being surely aware for the Internet’s penchant to zero in on trivial but fun details, this could also be a clever way to get a warning when (and by whom) the variant gets detected.

TrendMicro says that the message can only be seen after the binary file is already copied on the memory of the affected computer, but that their Web and file reputation services prevent that from happening.