Remember when we talked about Tatanga and its capability of removing Zeus? Zeus is what I am going to focus on in this entry. What we know about Zeus so far is that it is a Trojan that intrudes on a victim's privacy while also launching Man-in-the-Browser attacks. Zeus has been part of the cybercrime scene for a long, long time, and even with SpyEye and Tatanga around, it has never become outdated. It remains powerful because of its functionality. I will be posting an entry on the history of these types of Trojans in one of my next few posts.
Let us check out the fundamentals of Zeus before moving on to the headline of this topic. Zeus is commonly spread via emails that ask the target to click on a malicious URL, which infects the PC with the Trojan. Be aware that Zeus does not only arrive as a URL or an executable; it can also arrive in PDF format. This Trojan is capable of stealing data submitted in HTTP forms, account credentials stored in Windows Protected Storage, client-side PKI certificates, FTP and POP account credentials, and HTTP and Flash cookies.
Apart from its stealing abilities, Zeus is also capable of network attacks, specifically a form of traffic redirection: it can redirect victims from the target web pages to an attacker-controlled server. It can also take screenshots and scrape HTML from target sites. Along with the stolen information, it can also upload files from the infected computer. If you are familiar with networking fundamentals, take note that Zeus is also capable of modifying the local hosts file. If necessary, it can also download and execute arbitrary programs. Finally, once the victim is no longer useful to the attacker, it can delete crucial registry keys, leaving the computer unable to boot into Windows.
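Because hosts-file tampering is one way the redirection described above can be achieved, a defender can audit that file for watched sites pinned to static addresses. The following is an added example, not code from the original post; the domain names, addresses and watchlist are constructed placeholders.

```python
import ipaddress

# Constructed sample hosts file content (not taken from a real infection).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.test login.examplebank.test   # constructed entry
198.51.100.7    intranet.corp.test
0.0.0.0         ads.tracker.test
not-an-ip       www.examplebank.test
"""

# Hypothetical watchlist: sites whose addresses should only ever come from DNS.
WATCHED_DOMAINS = {"examplebank.test"}

def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each active hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(hostname, watched=WATCHED_DOMAINS):
    """True if hostname equals a watched domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)

def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Return findings for watched hostnames pinned to a static address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        hits = [n for n in names if is_watched(n, watched)]
        if not hits:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, ip, hits, "malformed address"))
            continue
        reason = "local override" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append((line_no, ip, hits, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed into `audit_hosts` is normally `%SystemRoot%\System32\drivers\etc\hosts`; any "redirected" finding for a watched site deserves investigation.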
Knowing how dangerous this Trojan is matters for this headline: there is a very high possibility that the Zeus Trojan is on sale. Peter Kruse, a security specialist at the security firm CSIS, claimed that some individuals have already obtained the Zeus source code. In addition, it was claimed that the Zeus source code was sold to its own rival, the creator of SpyEye. However, there is still no firm news, as the security specialists were unable to track the underground sale of the Zeus source code.
Zeus toolkits have been around for a long time. Hackers can get the ready-made version as a 'beginner' Trojan to toy around with. Although many cyber criminals have been using the Zeus Trojan all this while, the number who have actually gotten their hands on its source code is relatively low. It is claimed that people other than the author have now obtained the Zeus Trojan's source code. This signals a new danger, as more and more hackers can create evolved malware that is more effective at penetration.