Norton Support Center aims to make computer users aware of the latest malware through its informative blog posts. Law enforcement agencies and security firms from Europe and the US regularly collaborate to block the spread of highly harmful malware that wreaks havoc on the international economy and on individual finances. One such campaign, Operation Tovar, was launched in mid-2014 against the Gameover ZeuS botnet, which was used for bank fraud and for spreading CryptoLocker ransomware. The operation cut off communication between the botnet and its command-and-control servers.
Gameover ZeuS and CryptoLocker are two of the most infamous pieces of malware aimed at financial data. Beyond these two, many other credential-stealing Trojans remain active, so you should know about them.
Before covering some of the most sophisticated credential-stealing Trojans, Norton Tech Support first clarifies some common terms used in this blog.
- Trojan: A Trojan horse, or Trojan, is malicious code that gains access to a computer system by deceiving its users about its true purpose. It runs in the background and carries out harmful actions there. Its presence on your system poses a serious risk to the system's data.
- Bot: An internet bot, WWW robot, web robot, or simply bot is a software program that runs automated tasks (scripts) over the web. Because bots can perform simple, structurally repetitive tasks at a far higher rate than a person, they are widely used for web crawling, the systematic browsing of the World Wide Web to index the contents of a website or of the whole internet.
From a malicious point of view, cybercriminals use bots to coordinate and run automated attacks on networked computers, such as a denial-of-service (DoS) attack, in which many computers are made to access a networked resource, such as a website, so that the heavy traffic makes it unavailable to everyone else.
- Botnet: A botnet is a number of internet-connected devices, each running one or more bots.
Top 10 extremely dangerous financial malware
- Zeus or Zbot
Zeus, also known as Zbot, is a Trojan that targets users of the Windows operating system (OS) and attempts to retrieve confidential details from infected computers. Once inside a computer, it can also download configuration files and updates over the internet. Using a Trojan-building toolkit that cybercriminals obtain online, Zeus files can be easily created and customized.
Zeus is intended to steal private information such as system details, banking credentials, and passwords. Using this information, the cybercriminals log into the victim's account and move money through a complex network of computers that helps them remain undetected.
Zeus is a client-server Trojan that requires a command-and-control server (CCS) to send and receive information across the network. A single command-and-control server is a weak point in the malware architecture: if it is taken down, the bots are cut off. To counter this weakness, the latest versions of Zeus include a domain generation algorithm (DGA), which makes the server connection resistant to takedown attempts by law enforcement agencies. The DGA provides a list of domain names that the bots try to contact when the primary command-and-control server cannot be reached.
Infostealer and PRG are other names for Zeus or Zbot. Zeus has infected close to 3.5 million computer systems in the US alone.
- Zeus Gameover
Zeus Gameover is a variant of the Zeus family that is infamous as financial-stealing malware. It uses a peer-to-peer botnet infrastructure, which removes the need for a centralized command-and-control server, and it also includes a DGA (domain generation algorithm) that generates new domains if the peers become unreachable.
The peers in the botnet act as independent CCSs: they hold the commands and configuration files, and they also relay the stolen data to the malicious servers. Like other banking malware, Zeus Gameover is used by cybercriminals to collect financial details such as card numbers and passwords.
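As an added example (not code from the original post or from any malware family), the defender's counterpart to the DGA described for Zeus and Zeus Gameover: once an algorithm has been reverse-engineered, the day's domain list can be computed in advance and used as a blocklist or sinkhole, while families whose algorithm is still unknown can be flagged by the high-entropy look of their names. The `SEED`, `TLDS`, the toy hash-based generator and the resolver log format are all assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter
from datetime import date
# Constructed stand-in for a reverse-engineered DGA: a real family's algorithm is
# recovered from the sample; this toy derives each day's list from a seed and date.
SEED = "example-family-seed"
TLDS = ("com", "net", "org", "biz", "info")

def dga_domains(day: date, count: int = 10, seed: str = SEED) -> list:
    """Candidate C2 domains a bot would try on `day`; defenders compute the same list."""
    domains = []
    for i in range(count):
        digest = hashlib.sha256(f"{seed}|{day.isoformat()}|{i}".encode()).hexdigest()
        label = "".join(chr(ord("a") + int(c, 16) % 26) for c in digest[:12])
        domains.append(f"{label}.{TLDS[int(digest[12], 16) % len(TLDS)]}")
    return domains

def label_entropy(label: str) -> float:  # Shannon entropy in bits per character
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def looks_generated(hostname: str, min_len: int = 10, min_entropy: float = 3.2) -> bool:
    """Heuristic for families whose algorithm is not yet known: long, high-entropy label."""
    labels = hostname.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return len(sld) >= min_len and label_entropy(sld) >= min_entropy

def scan_dns_log(lines: list, day: date) -> list:
    """Flag queries that hit the predicted blocklist, or that merely look generated."""
    blocklist = set(dga_domains(day))
    hits = []
    for line in lines:
        parts = line.split()  # constructed format: timestamp client "query" qname
        if len(parts) < 4 or parts[2] != "query":
            continue
        qname = parts[3].lower().rstrip(".")
        if qname in blocklist:
            hits.append((parts[1], qname, "known-dga-domain"))
        elif looks_generated(qname):
            hits.append((parts[1], qname, "dga-like-name"))
    return hits

DAY = date(2014, 6, 2)  # constructed date for the sample log below
SAMPLE_LOG = [  # constructed resolver log lines
    "2014-06-02T10:00:01 host1 query www.example.com",
    f"2014-06-02T10:00:02 host1 query {dga_domains(DAY)[0]}",
    "2014-06-02T10:00:03 host2 query xq7v2kd9zplmnbcr.biz",
]
```

Running `scan_dns_log(SAMPLE_LOG, DAY)` flags the second query as a known DGA domain and the third as DGA-like, while the ordinary lookup passes.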
- SpyEye
SpyEye is data-stealing malware designed to steal the login details of a victim's online bank accounts. The banking Trojan includes a keylogger that secretly captures login information for online financial accounts. It can be customized to attack a particular institution or to target specific financial data.
- Ice IX
Ice IX is a modified version of Zeus, built by criminals for the same purpose of stealing personal and financial information. Like Zeus, Ice IX can alter the content displayed in the web browser while an online banking website is open: it injects web forms to extract a victim's banking details. Ice IX has many improvements over Zeus, one of them a defense mechanism meant to evade tracker sites.
- Citadel
After the files of the infamous Zeus, including its source code, were leaked in 2011, Citadel appeared as a new cyber-threat. With the source code open to modification, cybercriminals improved it for various malware attacks. The enhanced malware helps criminals trick computer users into revealing confidential details, which can then be easily stolen; the end result is likely to be unauthorized access to the victims' bank accounts and transactions.
- Carberp (Zeus family)
Carberp, one of the most widespread financial-stealing malware families in Russia, lets its criminal operator steal private information from online banking platforms. The platforms (banking web pages) become exposed to the attack when the computer opening the web page is infected with it.
The malware is quite resistant to security software and is similar to other malware of the Zeus family. It can steal private and valuable data from the victim's machine, and it receives new data by downloading it from its CCSs.
Carberp works by injecting code into web pages, which lets it gather sensitive information from banking platforms. The malware is distributed through e-mail attachments, deceptive pop-up windows, or drive-by downloads.
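As an added example (not code from the original post or from the malware), an analyst-side parser for the web-inject configuration that Zeus-derived families such as Ice IX and Carberp use to add fields to banking pages; it reports the targeted hosts and the extra input names so a bank's fraud team can compare them with its genuine forms. The sample config is constructed; the `set_url` / `data_before` / `data_inject` / `data_after` / `data_end` layout follows the publicly documented Zeus format, and treating `*` as a match-anything wildcard is an assumption.

```python
import re
from urllib.parse import urlsplit
# Constructed sample in the Zeus/Ice IX webinject layout (set_url, data_before,
# data_inject, data_after, data_end); the hostname and field names are invented.
SAMPLE_CONFIG = """\
set_url https://online.bank.example/login* GP
data_before
name="password"*</div>
data_end
data_inject
<div><label>Card PIN</label><input type="password" name="pin"></div>
data_end
data_after
data_end
set_url https://online.bank.example/transfer* P
data_before
data_end
data_inject
<input type="text" name="secret_answer">
data_end
data_after
data_end
"""
SECTIONS = ("data_before", "data_inject", "data_after")
def parse_webinjects(text: str) -> list:
    """One dict per set_url block: target pattern, request flags, and the three data sections."""
    entries, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("set_url "):
            _, url, *flags = line.split()
            current = {"url": url, "flags": flags[0] if flags else "", **{s: [] for s in SECTIONS}}
            entries.append(current)
        elif line in SECTIONS:
            section = line
        elif line == "data_end":
            section = None
        elif section and current is not None:
            current[section].append(raw)
    return entries

def injected_fields(entry: dict) -> list:  # input names the inject adds to the real page
    return re.findall(r'name="([^"]+)"', "\n".join(entry["data_inject"]))

def url_matches(pattern: str, url: str) -> bool:  # assumed: * matches any run of characters
    return re.fullmatch(".*".join(map(re.escape, pattern.split("*"))), url) is not None

def targeted_hosts(entries: list) -> list:  # distinct hostnames, e.g. to notify the institutions
    return sorted({urlsplit(e["url"].split("*")[0]).hostname for e in entries})
```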
- Bugat (Zeus family)
Bugat is another Trojan with capabilities similar to those of Zeus, used by cybercriminals to obtain sensitive information about a victim. It is designed to obtain details about the victim's browsing history and to harvest information during online banking sessions. It can perform a number of malicious tasks on a computer system, namely stealing FTP credentials, uploading files, and downloading and executing a list of running processes. Bugat receives instructions and updates about the financial websites it has to target from its CCS, and the secret information it collects is sent to the criminals' remote server. The criminals spread Bugat through emails containing malicious links that download the malware onto the computer when a person clicks on them.
- Shylock (Zeus family)
Shylock is one more piece of banking malware intended to obtain the victim's banking details; to send data to and receive data from a victim's computer, the criminals use CCSs. As with Zeus Gameover, the criminals use a domain generation algorithm (DGA) to keep Shylock running: the DGA generates multiple domain names to facilitate communication between the malware and the harmful servers. The malware is spread using malvertising (web advertisements carrying malicious code) and drive-by downloads.
- Torpig (Zeus family)
Torpig is complex malware that secretly obtains sensitive details, namely bank account and credit card information, from its victims. It is spread and controlled using a botnet: a network of compromised computers is used to send malicious emails and steal sensitive data. The criminals behind it also use a DGA to keep the attack running.
- CryptoLocker
CryptoLocker is a ransomware Trojan and is considered one of the most harmful pieces of malware because of the irreversible encryption it performs on a victim's system. The ransomware encrypts private files on the machine and demands a payment for the decryption key. The malware is generally spread as an email attachment that looks legitimate.
If you feel that your system is a little slow or might be affected by any of the above-mentioned viruses, malware, Trojans or ransomware, contact Norton Technical Support to protect your sensitive details such as bank details, official details and personal information. You may also call Norton Support UK on 800-014-8285 if your PC is slow or affected by any online attack.
If we've missed any extremely dangerous malware, please let us know in the comments below; Norton Support Center will try to include it in our next post.