Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Trend Micro has reported that a new variant of the Zeus Trojan is unlikely to be detected by conventional antivirus applications.
In fact, it has proved to be virtually undetectable.
The Zeus Trojan has proved to be a persistent threat and was responsible for the recent £6 million (AU$9.7 million) theft from UK bank accounts by an international gang. This latest evolution of the Trojan means more financial misery could be happening, with computer users unaware their PC had been involved.
The latest variant has been given the typically ungainly name TSPY_ZBOT.BYZ. It has avoided detection by importing a large number of application programming interfaces (APIs), making it difficult to know where it would strike.
The new Zeus is also compressed differently to its predecessors, which foils a detection system based on calculable entropy. This is finding where in the viral code certain trigger routines might be hidden. It has enabled the Trojan to fool the heuristic detection systems in antivirus protection systems.
In addition to these features, analysing the virus has proved difficult for the numerous labs that develop counter measures. Normally, a virus is isolated in a sandbox, or isolated environment, to see how the code executed, what system changes it made and any network traffic it generated. Zeus just refused to play in a sandbox, Trend Micro claimed.
Since the appearance of Zeus.BYZ, another variant, Zeus.SMEQ, has been found and, given the difficulty in detection, there may have been more added to the family.
Trend and its peers, have been working on a detection process.
Julius Dizon, research engineer at Trend Micro, concluded: “To properly guard against this threat, conventional antivirus is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users.”
This article originally appeared at itpro.co.uk
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
