Son of Zeus can sneak past antivirus controls

The latest Trojan horse proves difficult to rein in.

Trojan

Trend Micro has reported a new variant of the Zeus Trojan will not be detected by conventional antivirus applications. In fact, it has proved to be virtually undetectable.

Zeus has proved to be a persistent threat and was responsible for the recent 6 million theft from UK bank accounts by an international gang. This latest evolution of the Trojan means more financial misery could be happening, with computer users unaware their PC had been involved.

Advertisement - Article continues below

The latest variant has been given the typically ungainly name TSPY_ZBOT.BYZ. It has avoided detection by importing a large number of application programming interfaces (APIs), making it difficult to know where it would strike.

The new Zeus is also compressed differently to its predecessors, which foils a detection system based on calculable entropy. This is finding where in the viral code certain trigger routines might be hidden. It has enabled the Trojan to fool the heuristic detection systems in antivirus protection systems.

In addition to these features, analysing the virus has proved difficult for the numerous labs that develop counter measures. Normally, a virus is isolated in a sandbox, or isolated environment, to see how the code executed, what system changes it made and any network traffic it generated. Zeus just refused to play in a sandbox, Trend Micro claimed.

Advertisement
Advertisement - Article continues below

Since the appearance of Zeus.BYZ, another variant, Zeus.SMEQ, has been found and, given the difficulty in detection, there may have been more added to the family.

Trend's experts, and all the other antivirus companies, have been working on a detection process.

Julius Dizon, research engineer at Trend Micro, concluded: "To properly guard against this threat, conventional antivirus is not sufficient. Both improved detection techniques and proactive blocking of the websites, working together, can protect users."

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/software/355113/companies-offering-free-software-to-fight-covid-19
Software

These are the companies offering free software during the coronavirus crisis

25 Mar 2020
Visit/cloud/355098/ibm-dedicates-supercomputing-power-to-coronavirus-researchers
high-performance computing (HPC)

IBM dedicates supercomputing power to coronavirus research

24 Mar 2020