Researchers at the security firm analyzed data and found a surge in Zeus infections from February through the middle of May. The latest version of Zeus, also known as Zbot, is associated with the Citadel data-stealing malware that was created based on the Zeus source code, according to Jay Yaneza of Trend Micro's technical support team, who provided analysis of attack data collected from the company's customer base.
"Old threats like ZBOT can always make a comeback because cybercriminals profit from these," Yaneza wrote. "Peddling stolen banking and other personal information from users is a lucrative business in the underground market."
Zeus was first detected in 2007 and is frequently found in automated attack toolkits. The malware family itself is frequently updated with mechanisms designed to evade detection by antivirus and network security appliances.
The latest variants detected by Trend Micro attempt to contact a remote server to download configuration data containing the names of banks that the malicious program watches for in the victim's browser. Once a victim browses to a financial website on the list, the spyware mechanism is triggered and attempts to steal the login information.
Malware authors and botnet operators are constantly improving their attack techniques in an attempt to evade detection. A recent paper issued by Damballa, Dell-SecureWorks and researchers at the Georgia Institute of Technology described a major update to one of the oldest spam botnets, called Cutwail, which fuels infections of the Pushdo malware. The new domain algorithm identified by the researchers acts like backup command-and-control techniques used by the Zeus Trojan, according to the paper.
Trend Micro said it identified more than 112,000 malware victims in the first quarter of this year, mainly because automated tools have become cheaper and more widely available. Botnets also are becoming more affordable, Trend Micro said. Meanwhile, Java continues to be the most targeted software platform.
Trojans such as Zeus are also being detected in record numbers by other security firms. Among more than 6 million malware samples analyzed in the first quarter of 2013 by Spain-based security vendor Panda Security, Trojans ranked first, making up 76 percent of the malicious code, followed by worms, viruses and spyware. The security firm's threat report, issued this week, found Trojans reaching record levels.
"Today most Trojan infections are through compromised websites, often exploiting some kind of vulnerability in Java or Adobe," Panda said. "This means that in just a few minutes there may be thousands of infections with the same Trojan."
PUBLISHED ON MAY 24, 2013