Zeus Is Back In The New Form Of The Banking Trojan

By Juhi Afreen

6 December 2017 Computers ≈ Security

Has a "Zeus Virus Detected" message suddenly appeared on your system? To deal with this adware, it is highly recommended to read this article and follow the guidelines as soon as possible.

Cybercriminals have not stopped searching for sophisticated techniques to lure users into traps. It seems that typical malvertising strategies and the use of exploits no longer satisfy them. The lust for money inspires fraudsters to create ever more sophisticated malware delivery techniques. The most recent of them is noteworthy.

Fraudsters carefully planted specific keywords in real, hacked pages. They most probably used several bots to raise these sites in Google's SERP (search engine results page) ranking. When users enter one of these keywords into a browser, they risk encountering Zeus Panda's banking Trojan. Here are some examples of keywords:

  • "How to cancel a check commonwealth bank"

  • "Sbi bank recurring deposit form"

  • "Axis bank mobile banking download link"

  • "Free online books for bank clerk exam"

  • "Bank of Baroda account balance check"

  • "Nordea Sweden bank account number"

  • "Bank guarantee format mt760"

  • "how many digits in Karur Vysya bank account number"

This suggests a very wide campaign, set up specifically to spread the banking Trojan. It targets users in Sweden, India and Arab countries. Some of these keywords are quite universal, which only makes the campaign much worse.

Ways to escape from malware

Fortunately, according to VirusTotal, the new version of the Zeus virus is now detectable by most anti-virus tools. Currently, keeping software upgraded is the only way to reduce the risk of encountering this threat. Users should also be aware of what they click and download from the web. Those using mobile devices - especially those with Android devices - should install several different types of malware protection, because they are particularly vulnerable to the attack of this banking Trojan.

Infection through macros

When users enter the search term, they are redirected through several pages and eventually land on a page with hidden JavaScript code that downloads a specially crafted .doc file.

At this stage, Zeus is similar to ransomware. If macros are disabled by default, the document asks you to enable them to see the content. After the macros are activated, the malware's executable file, obodok.exe, is downloaded and appears in the %Temp% folder.

Deceptive facade and self-destruction

This malware is indeed well programmed, because it even has a specific "resistance" to detection. It looks for popular sandbox environments. If it finds any of the applications on its list, it destroys itself and leaves a batch file. The file in the %Temp% folder is also deleted. Later, the malware continues the process and deletes the source file.

Besides, it looks like the malware has a few exceptions. If it penetrates the system and detects the Russian, Ukrainian, Belarusian or Kazakh language, it removes itself.
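
The chain described above (a Word document whose macro drops obodok.exe into %Temp%, followed by a batch-file cleanup) can be hunted for in process-creation logs. The following is an added example, not code from the original article: the event records, PIDs, user name, the cleanup.bat file name and the rule names are constructed, and the heuristics assume the dropped file is started by a process descended from Word.

```python
import ntpath

U = r"C:\Users\alice"  # constructed user profile path
# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Program Files\Office\WINWORD.EXE",
     "cmd": "WINWORD.EXE " + U + r"\Downloads\form.doc"},
    {"pid": 200, "ppid": 100, "image": U + r"\AppData\Local\Temp\obodok.exe",
     "cmd": "obodok.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": "cmd.exe /c " + U + r"\AppData\Local\Temp\cleanup.bat"},
    {"pid": 400, "ppid": 1, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": "notepad.exe"},
    # Benign installer run from Temp by the user: must not be flagged.
    {"pid": 500, "ppid": 1, "image": U + r"\AppData\Local\Temp\setup.exe",
     "cmd": "setup.exe"},
]

OFFICE = {"winword.exe"}      # the article describes a .doc lure
KNOWN_NAMES = {"obodok.exe"}  # file name given in the article

def in_temp(text):
    """True if the path or command line points into a user's %Temp% folder."""
    return "\\appdata\\local\\temp\\" in text.lower()

def office_descendant(ev, by_pid):
    """Walk the parent chain and report whether any ancestor is Word."""
    seen = set()
    while ev and ev["pid"] not in seen:
        seen.add(ev["pid"])
        ev = by_pid.get(ev["ppid"])
        if ev and ntpath.basename(ev["image"]).lower() in OFFICE:
            return True
    return False

def detect(events):
    """Return (pid, rule) pairs for events matching the described chain."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        name = ntpath.basename(e["image"]).lower()
        parent = by_pid.get(e["ppid"])
        if name in KNOWN_NAMES:
            alerts.append((e["pid"], "known-file-name"))
        if in_temp(e["image"]) and office_descendant(e, by_pid):
            alerts.append((e["pid"], "temp-exe-from-office"))
        if (name == "cmd.exe" and ".bat" in e["cmd"].lower()
                and in_temp(e["cmd"]) and parent and in_temp(parent["image"])):
            alerts.append((e["pid"], "temp-exe-runs-batch"))
    return alerts
```

The file-name rule breaks as soon as the dropper is renamed, so the two behavioural rules carry most of the weight.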

About the Author

A network administrator and malware researcher at NowRemoveVirus with a passion for the discovery of new malware and innovations in cybersecurity. A strong supporter of basic online-security education for all users.
