Security vendor Websense is warning of a renewed spate of global attacks aimed at stealing information from staff in government and military departments via the notorious Zbot or Zeus Trojan.
The malware, which was originally designed and used to steal banking data, was used in a campaign targeting government workers in the US and UK at the beginning of the month.
This follow-up attack involves a fake email purporting to be from a reputable figure within the Central Intelligence Agency, with the subject line: "Russian spear phishing attack against .mil and .gov employees".
“The spoofed emails capitalise on the last Zeus attack, and claim that installing the Windows update via the links provided will aid protection against Zeus attacks,” noted a Websense alert.
“The binary file downloaded from these links is identified as a Zeus bot and holds 35 per cent AV detection rate. Once again URLs in the email messages lead to a malicious file hosted on a compromised host, and also on a popular file hosting service.”
According to Websense, after the Zeus rootkit component is installed, the bot contacts the command and control (C&C) server to download an encrypted configuration file.
Another data-stealing component is then downloaded and installed from the same C&C server, and the bot starts connecting to a credential-based FTP server to upload stolen data.
Zeus Trojan resurfaces




