Another Zeus-based offering has been unearthed by Trend Micro researchers, and by the look of things, this one seems to be better crafted than the recently discovered Ice IX crimeware that doesn’t deliver on its promises.
Having analyzed the code, they believe that it was built with version 220.127.116.11 of the Zeus toolkit and that it was created specifically for a professional gang comparable to LICAT.
This solution is likely to succeed where Ice IX has failed: it has an updated encryption/decryption algorithm that should prevent trackers from analyzing its configuration file.
Also, an update to the Zeus builder's capability of checking for bot information and uninstalling the bot should leave antivirus solutions unable to use that capability to detect the bot and automatically purge it from the system.
“It is also worth mentioning that this malware targets a wide selection of financial firms including those in the United States, Spain, Brazil, Germany, Belgium, France, Italy, Ireland, etc,” say the researchers. “More interestingly, it targets HSBC Hong Kong, which suggests that this new Zeus variant may be used in a global campaign, which may already include Asian countries.”