There is a new version of the ZeuS/Zbot bot out there. While previous versions were designed to indiscriminately target financial institutions around the world, this one concentrates only on banks in four larger countries: UK, US, Germany and Spain.
The configuration file of the new bot contains a list of the financial institutions targeted, but each version contains only a list of banks in two countries: UK-US or Germany-Spain.
There is also another change in this new bot version. “In earlier versions, Zeus handles this configuration file in a way that security researchers can easily manage to reverse engineer and capture the actual full configuration content,” says CA researcher Zarestel Ferrer.
“This is no longer the case for the latest Zeus bot version 3, which is already in the wild. It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose.”