Major European banks and financial institutions are being targeted by the latest ZeuS/Zbot variant.
UniCredit Group Subsidiary Bank of Rome; U.K.-based Abbey National; Germany’s FIDUCIA Group; France’s CrÃ©dit Mutuel; and Hong Kong’s HSBC are among the institutions targeted. TrendLabs’ researchers revealed their names with the intention of warning users to be careful.
This ZeuS variant is performing the usual tricks – enslaves the computer into a botnet and steals online banking credentials, which it sends to C&C domains located on a server in Serbia. The server in question and its IP address are known to belong to a group of domains hosting fake AV and involved with Canadian pharmacy spam campaigns.